Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX Config Update - Best Method 1

Status
Not open for further replies.
willscarlet

willscarlet

Technical User
Jul 10, 2002
30
0
0
GB
I have a PIX520 running version 6.2(1)

We are changing ISP and have been given new IP addresses and subnet.

The last time this happened I used show config and then copied the displayed lines into notepad. Then it was a case of search/replace to make the necessary changes. I then copy/pasted the whole config back to the PIX.

This worked until we added a site-to-site vpn connection at which point we discovered that the isakmp key lines had been put back with a string of asterisks in them, see example below. (This is how show config displays them)

isakmp key ******** address 111.222.333.444 netmask 255.255.255.255

This problem was sorted out for us by somebody else. I don't know what value to type in place of the asterisks and I don't need to change the isakmp lines anyway. Is there a way to change just the lines that I need to?

Below is the first line in the config that I need to change, how would I achieve that?

access-list acl-outside permit tcp any host 111.222.333.444 eq smtp

The 111.222.333.444 value needs to be changed to another value.

If I type this line in config mode will it enter it into the config but leave the original line in place?

As you can see I'm seriously in need of help.


 
Sort by date Sort by votes
Here is how I do it.

I would use notepad and copy the line above out of the config as follows,

access-list acl-outside permit tcp any host 111.222.333.444 eq smtp

After that I would take and copy the line again and add the word no in front of it:

no access-list acl-outside permit tcp any host 111.222.333.444 eq smtp

From there you are going to now modify your original line with the new value.

access-list acl-outside permit tcp any host xxx.xxx.xxx.xxx eq smtp

Once you have that finnished you go into the config command and paste the no access-list line. After pasteint that into the config then paste your new value address.

Then do a wr mem

That will write your new config to the Pix while you have all of your original info on the notepad. I hope this makes sense or if you would like more info please respond back.

Rook
 
Upvote 0 Downvote
Yeah I get it thanks Rookcr and thanks for the rapid reply.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Ailuin
  • Locked
  • Question
Best Residential proxy provider.
Replies
1
Views
129
AvivBes
AvivBes
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
146
Johnkite
Johnkite
tjbradford
  • Locked
  • Question
ASAX 5508 - basic config - packet loss
Replies
0
Views
47
tjbradford
tjbradford
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
36
xwray
xwray
RMurr34
  • Locked
  • Question
ASA Config - Open port 3389 for all IPs
Replies
1
Views
63
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top