tftp a pix 515E config?

- Y
- you know who maybe
  
  Contact options for registered users
posted
18 years ago

Wed, Jun 1, 2005 3:59 PM

Are there any known issues with using tftp to make an exact clone of two PIX

515E firewalls?

I'm getting ready to upgrade to 7.0 but first want to clone my production

515E to my test 515E. Both are on 6.3.4 but the production machine has 32MB of RAM while the test machine has 64MB of RAM. Using tftp I have saved the config to the tftp server. On my test 515E configured the same hostname and domain-name but different IP address.

In our configs we have multiple PIX-to-PIX VPN's with shared keys. Are the passphrases in the tftp file? Will they be copied back to the test 515E using tftp? Did I need to setup in advance the hostname and domain-name and generate a new rsa key or was this unnecessary because the config will have this info?

Many thanks for reading this and your advice.

-Bob

- Y
- you know who maybe
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, Jun 1, 2005 4:12 PM

OK, answered that one by looking in the file! I'm just worried when I switch

515E's I'll miss something....

- Y
- you know who maybe
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, Jun 1, 2005 4:47 PM

While I'm talking to myself I might as well end the conversation:

This worked for me:

write erase 515E "test" firewall Use "Pre-configure" interactive prompts to set IP address for inside interface write mem and reload Use configure net command to pull config from tftp server. Configure net 10.2.1.102:/sjpix634 (Error message: keypair will be invalid) write mem ca zeroize rsa ca generate rsa key 1024 Show ca mypubkey rsa ca save all wr mem reload

Looks good!