Pix Firewall 6.x to 7.x configuration change
We just purchased a Cisco 5510 ASA running v. 7.x to replace an old Cisco PIX 520 we've had set up for ages. ALthough I know the 6.x syntax it turns out that it is very different from the 7.x syntax.
Access-List commands work fine but not my static commands, route commands, how do I name an interface (i.e. inside / outside) and forget about my VPN configuration. ERROR / ERROR / ERROR Here are some examples of what I have that I can't seem to get to work. IP's are all changed to protect the innocent:
route outside 0.0.0.0 0.0.0.0 68.11.67.188 1
http 192.168.1.0 255.255.255.0 inside
static (inside,outside) tcp 68.11.67.175 smtp 192.168.1.175 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 68.11.67.176 3389 192.168.13.176 3389 netmask 255.255.255.255 0 0
I'm getting errors specifically with anything that uses inside and outside in the config like
p1fw01(config)# telnet 192.168.13.0 255.255.255.0 inside
^
ERROR: % Invalid input detected at '^' marker.
Access-List commands work fine but not my static commands, route commands, how do I name an interface (i.e. inside / outside) and forget about my VPN configuration. ERROR / ERROR / ERROR Here are some examples of what I have that I can't seem to get to work. IP's are all changed to protect the innocent:
route outside 0.0.0.0 0.0.0.0 68.11.67.188 1
http 192.168.1.0 255.255.255.0 inside
static (inside,outside) tcp 68.11.67.175 smtp 192.168.1.175 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 68.11.67.176 3389 192.168.13.176 3389 netmask 255.255.255.255 0 0
I'm getting errors specifically with anything that uses inside and outside in the config like
p1fw01(config)# telnet 192.168.13.0 255.255.255.0 inside
^
ERROR: % Invalid input detected at '^' marker.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Unfortunately the 520 won't support 7.x or I would just update that one and copy the config over to the ASA - Unless I'm totally mistaken.
The 520 might if you have enough DRAM and flash. Can you post "show ver" from the 520?
it works well and syntax is correct.
please let me know, thanks!