We help IT Professionals succeed at work.

clearing a PIX config to TFTP new config

thefumbler
thefumbler asked
on
1,957 Views
Last Modified: 2008-01-09
I'm attempting to delete a config for a 506E PIX running 6.3(4) and grab a new config from a tftp server because the device is being repositioned to another office (scripts are very similar).  I followed
https://www.experts-exchange.com/Security/Software_Firewalls/Q_21984010.html 
but the "clear config all " doesn't seem to clear everything and instead does a partial merge.  How do I really, REALLY clear it?  

These are the console errors I get:

Config Error -- clear configuration all
Encrypted password is of incorrect length
invalid telnet password 'xxxxxxxxxxx':  must be exactly 16 bytes long
Config Error -- passwd xxxxxxxxx encrypted
ACE not added. Possible duplicate entry
ACE not added. Possible duplicate entry
ERROR: entry for address/mask = 192.168.5.0/255.255.255.0 exists
Interface address is not on same subnet as DHCP pool
global for this range already exists
ERROR: Duplicate NAT entry
ERROR: fail to insert nat entry
.A pre-shared key for address 12.126.232.134 netmask 255.255.255.255 already exists!
Error: Key insert failed.
ERROR: entry for address/mask = 192.168.5.0/255.255.255.0 exists

Config Failed
tftp: Unspecified Error
Comment
Watch Question

Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
That worked much better, thanks lrmoore.  Only 2 console messages this time but they seem minor...
#1 -Cannot select private key
#2 -outside interface address added to PAT pool

For #1, I figured I should generate a new key and used "ca generate rsa 512" to do so.   Using 'show ca mypubkey rsa' a key now appears.   Is that correct?   I have half a sense, but what is it used for?

And I bet the #2 line is just informational as the script was being processed, right?
Les MooreSr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
Yes to both. Generating a new rsa key will allow you to use ssh to access the PIX. #2 is just informational - correct.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.