Replacing a PIX 515E with a PIX 515

I have a PIX 515E that I am currently using as our main firewall, attached to a T1. I am getting a 4mb connection (over 10mb ethernet) at a colo facility, and I would like to move this PIX 515E over there. In order to do this, I need to take a PIX 515 that I have and get it to work identically. I have copy/pasted the config from the 515E to the 515, and I have copied the 515E's config to a TFTP server and then downloaded it to the 515 by TFTP. The PIX 515 is somewhat functional.

Each unit has 64MB RAM, 16MB Flash, UR License, VAC card, and 4 FE card. The 515E has PIX OS 6.3(4), and the 515 has PIX OS 6.3(5). I have used a diff to see if there are any major changes after loading, and I see none. The PIX 515 works for access from Inside to DMZ and Outside, and from the DMZ to Outside... but none of the ACLs work for traffic from Outside to DMZ or Inside, or DMZ to Inside.

Any ideas?

Thanks, Dustin


Hi,

Should be identical. The only difference would be the 515E has a faster CPU and can take more RAM from memory. Are all the interfaces called the same on both PIXes? It may be that your access lists aren't bound to the right names of the interface cards.

Cheers

Matt


I spoke with someone from TAC. She recommended that we reset the ARP cache on our router. I did not think that this was a possible reason, at first, because the PIX was forwarding outbound traffic properly. Because of this, I was pretty sure that the ARP information had been reset.

After looking at the ARP cache on our router, I saw that the default cache is 4 hours, and that each IP that was being translated had a separate entry (which does make sense). It is odd how you never really think about certain basic things, because they rarely present problems.

I am going to make another go of it tomorrow morning, and I am going to look at the ARP cache and reset if necessary.

Dustin

I was under the impression that the ARP cleared itself after a while or even when you switch the PIX on/reboot it. I know that clear xlate is a good one when you're changing access lists, but I thought they were not working at all when you turned the PIX on?

Cheers

Matt

