Hello,
I want to know the best way to change my configuration what i want to do is to create subinterfaces and at the moment, the physical has a configuration so i want to migrate everything (ACL's, NAT, NAMES, ASDM,
etc...) without modifying NAMEIF, IP ADDRESS... from physical interface
to same physical but as a subinterface.
I know i will have first to do :
Ethernet1 NO NAMEIF DMZ NO IP ADDRESS 10.10.10.10
Ethernet1.1 NAMEIF DMZ IP ADDRESS 10.10.10.10 VLAN 10
i think at the moment i will do NO NAMEIF everything in the configuration associated to NAMEIF DMZ will be removed.
Thanks
R=E9pondre
2 De : Walter Roberson - afficher le profil Date : Sam 13 mai 2006 20:16 E-mail : snipped-for-privacy@hushmail.com (Walter Roberson) Groupes : comp.security.firewalls Note : (1 utilisateur) afficher les optionsR=E9pondre | R=E9pondre =E0 l'auteur | Transf=E9rer | Imprimer | Message individuel | Afficher l'original | Signaler un cas d'utilisation abusive | Rechercher les messages de cet auteur
In article ,
wrote:
You haven't indicated even the manufacturer's name, let alone the model.
Based upon your reference to ASDM, and your use of subinterfaces, it would appear you are using either a Cisco PIX running 7.x software, or a Cisco ASA55x0 running 7.x software ? If so, then comp.dcom.sys.cisco would be a better location to ask in.
Not on a PIX it wouldn't. The PIX 'nameif' statement just gives a friendly name to an interface, but the internal configuration is all stored in terms of the hardware interface name. For example, if you were to use no nameif dmz followed by nameif FinanceDMZ and then were to display the configuration, then everywhere that used to have dmz would now have FinanceDMZ
On the other hand, removing the IP address from an interface -does- have impacts.
You asked about the "best" way. That depends upon exactly how you are connecting to the device. Generally speaking, one of the better ways is to upload the configuration to a tftp server, make a copy of the file on the server and edit the copy, then on the device, clear the configuration and put back just enough configuration to be able to talk to the tftp server again, and then download the modified configuration from the tftp server.
R=E9pondre =C9valuer ce message : Text for clearing space
3 De : Shnooky - afficher le profil Date : Sam 13 mai 2006 21:10 E-mail : "Shnooky" Groupes : comp.security.firewalls Pas encore not=E9Note : afficher les optionsR=E9pondre | R=E9pondre =E0 l'auteur | Transf=E9rer | Imprimer | Message individuel | Afficher l'original | Retirer | Signaler un cas d'utilisation abusive | Rechercher les messages de cet auteur
Many thanks for your quick reply
You are right i miss the model it's a PIX 525 with 7.0 and ASDM 5.0
i am a new user of this forum i will try the cisco forum
ok for the nameif but you mean that when you remove a nameif the configuration has still orphans lines ?
So for my modification i use telnet connection and a tftp server, no problem for that, is it better to do that in the running or startup config ??
My other question is how can i keep in the configuration only the lines
for that interface, I'm talking about access-lists INBOUND and OUTBOUND
and the NAT too because with ASDM i created group object but there is nothing that says for which interface it is, i tried : SH RUN | include
"Routed networks" and SH RUN | include DMZ=20
Regards,