PIX 505 to 515E swap

sharring
Level 1

Hi there,

I am in the process of swapping out a PIX 505 running 5.0(2) to a 515E running 7.2(2). After attempting to convert the older configuration I have not been able to get the new model to work correctly. Even without any ACL applied I cannot get traffic to pass through the PIX. The interface configuration and routing is the same as that on the older model. Any suggestions are greatly appreciated!

ESCPIX# show config
: Saved
: Written by enable_15 at 06:37:41.748 UTC Thu Jun 21 2007
!
PIX Version 7.2(2)
!
hostname ESCPIX
domain-name fuhsd.org
enable password xxx
names
!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 205.x.x.2 255.255.255.0
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.200.2 255.255.255.0
!
passwd xxx
ftp mode passive
dns server-group DefaultDNS
 domain-name fuhsd.org
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 10.190.155.0 255.255.255.0
nat (inside) 0 204.88.146.0 255.255.255.0
nat (inside) 0 204.88.158.0 255.255.255.0
nat (inside) 0 205.173.40.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.x.x.173.47.1 1
route inside 204.88.158.x.x.255.0 192.168.200.1 1
route inside 10.190.155.0 255.255.255.240 192.168.200.1 1
route inside 172.31.0.0 255.255.0.0 192.168.200.1 1
route inside 172.30.0.0 255.255.0.0 192.168.200.1 1
route inside 172.29.0.0 255.255.0.0 192.168.200.1 1
route inside 172.28.0.0 255.255.0.0 192.168.200.1 1
route inside 172.27.0.0 255.255.0.0 192.168.200.1 1
route inside 172.26.0.0 255.255.0.0 192.168.200.1 1
route inside 10.10.30.0 255.255.255.0 192.168.200.1 1
route inside 205.173.41.0 255.255.255.0 192.168.200.1 1
route inside 205.173.42.0 255.255.255.0 192.168.200.1 1
route inside 205.173.43.0 255.255.255.0 192.168.200.1 1
route inside 205.173.44.0 255.255.255.0 192.168.200.1 1
route inside 205.173.45.0 255.255.255.0 192.168.200.1 1
route inside 172.16.0.0 255.255.0.0 192.168.200.1 1
route inside 172.17.0.0 255.255.0.0 192.168.200.1 1
route inside 172.18.0.0 255.255.0.0 192.168.200.1 1
route inside 172.19.0.0 255.255.0.0 192.168.200.1 1
route inside 172.20.0.0 255.255.0.0 192.168.200.1 1
route inside 172.21.0.0 255.255.0.0 192.168.200.1 1
route inside 192.168.40.0 255.255.255.0 192.168.200.1 1
route inside 192.168.16.0 255.255.255.0 192.168.200.1 1
route inside 204.88.146.224 255.255.255.240 192.168.200.1 1
route inside 172.22.0.0 255.255.0.0 192.168.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 205.x.x.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx


JORGE RODRIGUEZ
Level 10

Basic question! When you do "show interfaces", what is their up/down status?

Also, from within the PIX, can you ping all of your interfaces or not?

Jorge Rodriguez

Thanks for replying.

When I make the swap, the interfaces show as up, but show traffic has zeroes across the board. Also, the ping I am running to the internal interface IP address fails after I make the swap. However, I have confirmed the physical interface is okay by changing the IP address and connecting to our network. I have the PIX disconnected now, and when I try to ping either interface from within the PIX via console I get a "No route to host" message. Not sure if that is normal or not.
