Hi Harry,
to copy a configuration from your VPN-machine simply cut and paste it into
a text file. Then you ll have to delete every single line that has got to do
something with VPN (this includes the "crypto", "isakmp" and the two "sysopt"
commands). I dont exactly know what you mean by "VPN card". There was
a so called "Private Link" Card, but your configuration doesnt look like you
are using one of these. VPN runs with any Interface Card, as long as you have
the correct activation key (read "license").
Before copying your modified (without crypto-commands) configuration you should
>write erase and >reload the other PIX. This erases the current config. Then
cut and paste the configuration and it should work. This should work, if there are
still errors, it would help if you post the exact error-message.
Greetings
Sascha
--------------------------------------------------------------------------------
Sascha Weigelmann Email: [EMAIL PROTECTED]
Tel.: +49 6172-288-383
Mobil 0170-5778857
Fax: +49 6172-288-402
ADS System AG http://www.ads.de
Siemensstr. 25a
D-61352 Bad Homburg
The Network Service Company
--------------------------------------------------------------------------------
>>> "Harry Whitehouse" <[EMAIL PROTECTED]> 09/04/00 02:06am >>>
Hi all!
I have two PIX 520's -- a 128 licence unit with a VPN card, the other
(unlimited licence) without. I'm trying to copy a configuration from the
VPN-equipped unit and move it to the non-VPN unit. When I attempt to load
the configuration on the non-VPN unit, the load fails because the required
card/software/whatever isn't installed. That makes sense, but I don't know
how to get rid of the VPN-related commands in my configuration!
The tail end of my configuration is at the very end of this message. I
suspect I have to remove the CRYPTO lines, but I don't know how. NO
CRYPTO... doesn't seem to do it. I'm also concerned about the 'sysopt' and
'isakmp' command lines -- should I remove them (and how)? I don't find
references to these in my documentation. I'm running PIX 5.0 on both boxes,
BTW.
My second question is related. If I want to move the VPN capability to the
other (unlimited licence) PIX, what's involved? Do I just move the card
over?
TIA
Harry
...
conduit permit tcp host 38.168.115.44 eq 443 any
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
no rip dmz passive
no rip dmz default
route outside 0.0.0.0 0.0.0.0 38.168.115.1 1
timeout xlate 0:15:00 conn 0:30:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community aahp
no snmp-server enable traps
no floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
crypto ipsec transform-set strong-des esp-des esp-sha-hmac
crypto dynamic-map cisco 10 set transform-set strong-des
crypto map partner-map 10 ipsec-isakmp dynamic cisco
crypto map partner-map client configuration address initiate
crypto map partner-map client configuration address respond
crypto map partner-map interface outside
isakmp enable outside
isakmp enable inside
telnet timeout 60
terminal width 80
Cryptochecksum:0326768f9bd7e09fa447d1a5a5c516fd
pixfirewall(config)#
Harry Whitehouse
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
