1. Home
  2. Cisco Systems
  3. Replacing 501 with a 515

Replacing 501 with a 515

Hi,

We want to replace our 501 PIX with a 515 PIX, in order to give greater throughput over our VPN to the 515's in our data centres.

Both PIX's are running the same IOS 6.3(4) with identical line for line confgigs. I copy and pasted the entire configuration from the 501 to the 515. Most things on the PIX work, internet access, VPN's etc. However I am unable to ftp in too our ftp server, and our VIOP phone system stops working, by plugging the 501 back in everything works fine again.

If the configs are identical why would some of the services work and not others?

Or is there something I am missing because they are different hardware?

regards Paul Roberts.

Reply to
Bob
Loading thread data ...

Are you sure the VPN's are working? If you just copy and pasted from a show config there is no way they could be working. The crypto keys are not displayed in a show config. The only way to get them clear text is to do a wr net to a tftp server on the lan. You could then copy and paste that config in since the keys would be clear.

Next option would be to post both configs and we'll take a look.

Reply to
Brian V

Hi,

Yeah I did a write net to get the crypto keys, so the VPN's are fine. I used win merge to the check the configs so I know they are line for line the same.

what sections would you need to look at?

Thanks Regards Paul Roberts.

Reply to
Bob

You may need to clear the ARP cache of the servers that are not reachable.

If they still have the PIX 501 MAC address in their ARP cache it will not work

Reply to
mcaissie

Ah Ha, could point!

Do you know how to clear the arp cache on Linux?

save me googling it...

Thanks Regards Paul Roberts

Reply to
Bob

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.