clearing a PIX config to TFTP new config

Posted on 2007-10-09
Last Modified: 2008-01-09
I'm attempting to delete a config for a 506E PIX running 6.3(4) and grab a new config from a tftp server because the device is being repositioned to another office (scripts are very similar).  I followed
but the "clear config all" doesn't seem to clear everything and instead does a partial merge. How do I really, REALLY clear it?

These are the console errors I get:

Config Error -- clear configuration all
Encrypted password is of incorrect length
invalid telnet password 'xxxxxxxxxxx':  must be exactly 16 bytes long
Config Error -- passwd xxxxxxxxx encrypted
ACE not added. Possible duplicate entry
ACE not added. Possible duplicate entry
ERROR: entry for address/mask = exists
Interface address is not on same subnet as DHCP pool
global for this range already exists
ERROR: Duplicate NAT entry
ERROR: fail to insert nat entry
.A pre-shared key for address netmask already exists!
Error: Key insert failed.
ERROR: entry for address/mask = exists

Config Failed
tftp: Unspecified Error
Question by:thefumbler

    Accepted Solution

    >clear configuration all
    It is not "configuration" but rather "configure"
    i.e.   clear configure all
    This resets to defaults, so you have to re-arrange your config just a little and change dhcpd first.
    Also, remember to edit the config to include actual passwords, and not the **** placeholders in the copied config.
     enable password <password> encrypted
     passwd <password> encrypted

    YES (leave off word "encrypted")
    clear configure all
    no dhcpd enable inside
    no dhcpd address inside
    enable password <password>
    passwd <password>

    ! begin the rest of the actual config here:


    Author Comment

    That worked much better, thanks lrmoore.  Only 2 console messages this time but they seem minor...
    #1 -Cannot select private key
    #2 -outside interface address added to PAT pool

    For #1, I figured I should generate a new key and used "ca generate rsa 512" to do so.   Using 'show ca mypubkey rsa' a key now appears.   Is that correct?   I have half a sense, but what is it used for?

    And I bet the #2 line is just informational as the script was being processed, right?

    Expert Comment

    Yes to both. Generating a new rsa key will allow you to use ssh to access the PIX. #2 is just informational - correct.
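
A pre-flight check for a saved PIX config, built from the console errors and the accepted fix in this thread (an added example, not part of the original posts): it flags masked secrets and encrypted password values that are not exactly 16 characters, and prepends the reset header. The function name, the asterisk-token rule (which goes beyond the two password commands to any masked secret, such as a pre-shared key) and the sample config are assumptions constructed for illustration.

```python
import re

# Header from the accepted answer: reset to defaults, then remove the default
# DHCP server settings so the loaded config's own dhcpd lines do not conflict.
HEADER = ["clear configure all", "no dhcpd enable inside", "no dhcpd address inside"]

PASSWORD_RE = re.compile(r"^(enable password|passwd)\s+(\S+)(\s+encrypted)?\s*$")
MASKED_RE = re.compile(r"(?<!\S)\*{4,}(?!\S)")  # a token made only of asterisks
CLEAR_RE = re.compile(r"^clear\s+config\S*\s+all$")


def preflight(config_text):
    """Return (prepared_config, findings) for a saved PIX 6.3 config."""
    findings, body = [], []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if CLEAR_RE.match(line):
            continue  # replaced by HEADER (also drops the misspelled form)
        m = PASSWORD_RE.match(line)
        if MASKED_RE.search(line):
            findings.append((num, "masked placeholder, supply the real secret"))
        elif m and m.group(3) and len(m.group(2)) != 16:
            findings.append((num, "encrypted value must be exactly 16 characters"))
        body.append(raw)
    return "\n".join(HEADER + body) + "\n", findings


# Constructed sample, not taken from a real device.
SAMPLE = """\
clear configuration all
enable password AbCdEfGhIjKlMnOp encrypted
passwd AbCdEfGhI encrypted
ip address inside 192.168.10.1 255.255.255.0
isakmp key ******** address 203.0.113.10 netmask 255.255.255.255
dhcpd address 192.168.10.50-192.168.10.99 inside
"""

if __name__ == "__main__":
    prepared, problems = preflight(SAMPLE)
    for num, msg in problems:
        print(f"line {num}: {msg}")
    print(prepared, end="")
```

Line numbers in the findings refer to the original file, so they can be fixed there before the prepared copy is placed on the TFTP server.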
