adpro

Upgrading from pix501 to 515e question

We have a PIX 501 with 6.3(5). We are going to change the device out for a 515E, also with 6.3(5).

My question is: what's the best way to copy the config over to the new device so all our configurations work the way they should? I tried to use the PDM, but the 515E isn't working the same way the 501 was. The main issue is the following. On the outside interface of the PIX 501 I have three different public IPs that have certain ports forwarded to different internal servers. This behavior doesn't want to work on the 515E. This is the config from the 501 in question. It works just fine on the 501, but when I copy and paste it to the 515E, the routes to the 192.168.101.4 server do not work. As a matter of fact, when I copy this to the 515E, the 192.168.101.4 server loses internet access until I remove the following line: "static (inside,outside) XX.XX.206.36 exch-server netmask 255.255.255.255 0 0"


name 192.168.101.2 web-server
name 192.168.101.4 exch-server

access-list outside_access_in2 permit tcp any interface outside eq www
access-list outside_access_in2 permit tcp any interface outside eq https
access-list outside_access_in2 permit tcp any interface outside eq pptp

access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq smtp
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq www
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq https
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq pptp
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq ftp
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq 990
access-list outside_access_in2 permit tcp any host XX.XX.206.36 range 1024 1050
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq 4343
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq pop3
access-list outside_access_in2 permit tcp any host XX.XX.206.36 eq 4433
access-list outside_access_in2 permit tcp any host XX.XX.206.37 eq www
access-list outside_access_in2 permit tcp any host XX.XX.206.37 eq https


ip address outside XX.XX.206.35 255.255.255.224
ip address inside 192.168.101.1 255.255.255.0



nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 web-server 3389 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 1723 web-server 1723 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.101.204 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.101.204 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp web-server pptp netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.206.36 exch-server netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.206.37 192.168.101.205 netmask 255.255.255.255 0 0
access-group outside_access_in2 in interface outside
route outside 0.0.0.0 0.0.0.0 XX.XX.206.33 1

ASKER CERTIFIED SOLUTION
Darkstriker69
