Hi all!

I have two PIX 520's -- a 128 licence unit with a VPN card, the other
(unlimited licence) without. I'm trying to copy a configuration from the
VPN-equipped unit and move it to the non-VPN unit. When I attempt to load
the configuration on the non-VPN unit, the load fails because the required
card/software/whatever isn't installed. That makes sense, but I don't know
how to get rid of the VPN-related commands in my configuration!

The tail end of my configuration is at the very end of this message. I
suspect I have to remove the CRYPTO lines, but I don't know how. NO
CRYPTO... doesn't seem to do it. I'm also concerned about the 'sysopt' and
'isakmp' command lines -- should I remove them (and how)? I don't find
references to these in my documentation. I'm running PIX 5.0 on both boxes,
BTW.

My second question is related. If I want to move the VPN capability to the
other (unlimited licence) PIX, what's involved? Do I just move the card
over?

TIA
Harry

...
conduit permit tcp host 38.168.115.44 eq 443 any
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
no rip dmz passive
no rip dmz default
route outside 0.0.0.0 0.0.0.0 38.168.115.1 1
timeout xlate 0:15:00 conn 0:30:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community aahp
no snmp-server enable traps
no floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
crypto ipsec transform-set strong-des esp-des esp-sha-hmac
crypto dynamic-map cisco 10 set transform-set strong-des
crypto map partner-map 10 ipsec-isakmp dynamic cisco
crypto map partner-map client configuration address initiate
crypto map partner-map client configuration address respond
crypto map partner-map interface outside
isakmp enable outside
isakmp enable inside
telnet timeout 60
terminal width 80
Cryptochecksum:0326768f9bd7e09fa447d1a5a5c516fd
pixfirewall(config)#
Harry Whitehouse