Replacing a PIX 515E with a PIX 515

Posted by Dustin on November 5, 2005, 5:44 am
I have a PIX 515E that I am currently using as our main firewall,
attached to a T1. I am getting a 4mb connection (over 10mb ethernet)
at a colo facility, and I would like to move this PIX 515E over there.
In order to do this, I need to take a PIX 515 that I have and get it to
work identically. I have copy/pasted the config from the 515E to the
515, I have copied the 515E's config to a tftp server, and then downloaded
it to the 515 by tftp. The PIX 515 is somewhat functional.

Each unit has 64MB RAM, 16MB Flash, UR License, VAC card, and 4 FE
card. The 515E has PIX OS 6.3(4), and the 515 has PIX OS 6.3(5). I
have used a diff to see if there are any major changes after loading,
and I see none. The PIX 515 works for access from Inside to DMZ and
Outside, and from the DMZ to Outside... but none of the ACLs work for
traffic from Outside to DMZ or Inside, or DMZ to Inside.

Any ideas?


Thanks,
Dustin



Posted by Matty M on November 5, 2005, 2:41 pm

>I have a PIX 515E that I am currently using as our main firewall,
> attached to a T1. I am getting a 4mb connection (over 10mb ethernet)
> at a colo facility, and I would like to move this PIX 515E over there.
> In order to do this, I need to take a PIX 515 that I have and get it to
> work identically. I have copy/pasted the config from the 515E to the
> 515, I have copied the 515E's config to a tftp server, and then downloaded
> it to the 515 by tftp. The PIX 515 is somewhat functional.
>
> Each unit has 64MB RAM, 16MB Flash, UR License, VAC card, and 4 FE
> card. The 515E has PIX OS 6.3(4), and the 515 has PIX OS 6.3(5). I
> have used a diff to see if there are any major changes after loading,
> and I see none. The PIX 515 works for access from Inside to DMZ and
> Outside, and from the DMZ to Outside... but none of the ACLs work for
> traffic from Outside to DMZ or Inside, or DMZ to Inside.
>
> Any ideas?
>
>
> Thanks,
> Dustin
>

Hi,

Should be identical. The only difference would be the 515E has a faster CPU
and can take more RAM from memory. Are all the interfaces called the same on
both PIX's? It may be that your access lists aren't bound to the right names
of the interface cards.

Cheers

Matt




Posted by Dustin on November 8, 2005, 1:34 pm
I spoke with someone from TAC. She recommended that we reset the ARP
cache on our router. I did not think that this was a possible reason,
at first, because the PIX was forwarding outbound traffic properly.
Because of this, I was pretty sure that the ARP information has been
reset.

After looking at the ARP cache on our router, I saw that the default
cache is 4 hours, and that each IP that was being translated had a
separate entry (which does make sense). It is odd how you never really
think about certain basic things, because they rarely present problems.

I am going to make another go of it tomorrow morning, and I am going to
look at the ARP cache and reset if necessary.
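
The check described in the post above, as an added example that is not part of the original thread: it scans a router ARP table for translated addresses still mapped to the replaced firewall's MAC and reports how long each would linger under the 4-hour timeout. The Cisco IOS `show ip arp` layout, the addresses, the MACs and the function names are all assumptions constructed for illustration.

```python
import re

ARP_TIMEOUT_MIN = 240  # the 4-hour default cache lifetime mentioned in the post

# Constructed sample in `show ip arp` layout; addresses and MACs are made up.
# ...515e stands for the old firewall, ...515a for its replacement.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.0001  ARPA   FastEthernet0/0
Internet  192.0.2.2              12   0011.2233.515a  ARPA   FastEthernet0/0
Internet  192.0.2.10            187   0011.2233.515e  ARPA   FastEthernet0/0
Internet  192.0.2.11             35   0011.2233.515e  ARPA   FastEthernet0/0
Internet  192.0.2.12              3   0011.2233.515a  ARPA   FastEthernet0/0
Internet  192.0.2.13              0   Incomplete      ARPA
"""

# One data row: protocol, IP, age ("-" for the router's own address), MAC.
ROW = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(-|\d+)\s+(\S+)\s+ARPA", re.M)


def norm_mac(mac):
    """Reduce any common MAC notation to bare lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def stale_entries(arp_text, old_fw_mac, translated_ips):
    """Return [(ip, age_min, minutes_until_timeout)] for translated addresses
    that the router still resolves to the replaced firewall's MAC."""
    old = norm_mac(old_fw_mac)
    wanted = set(translated_ips)
    stale = []
    for ip, age, mac in ROW.findall(arp_text):
        if ip not in wanted or norm_mac(mac) != old:
            continue
        age_min = 0 if age == "-" else int(age)
        stale.append((ip, age_min, max(ARP_TIMEOUT_MIN - age_min, 0)))
    return stale


if __name__ == "__main__":
    nat_ips = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # constructed static translations
    for ip, age, left in stale_entries(SAMPLE_ARP, "00:11:22:33:51:5E", nat_ips):
        print(f"{ip}: still on old MAC, age {age} min, up to {left} min until timeout")
```

Inbound traffic to any address this lists is still being delivered to the old unit's MAC, which matches the symptom of outbound sessions working while outside-to-DMZ access fails.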



Posted by Matty M on November 8, 2005, 11:06 pm

>I spoke with someone from TAC. She recommended that we reset the ARP
> cache on our router. I did not think that this was a possible reason,
> at first, because the PIX was forwarding outbound traffic properly.
> Because of this, I was pretty sure that the ARP information has been
> reset.
>
> After looking at the ARP cache on our router, I saw that the default
> cache is 4 hours, and that each IP that was being translated had a
> separate entry (which does make sense). It is odd how you never really
> think about certain basic things, because they rarely present problems.
>
> I am going to make another go of it tomorrow morning, and I am going to
> look at the ARP cache and reset if necessary.
>

I was under the impression that the ARP cleared itself after a while or even
when you switch the PIX on/reboot it. I know that clear xlate is a good one
when you're changing access lists but I thought they were not working at all
when you turned the PIX on?

Cheers

Matt



