Solved

Cisco FireWall Backup and Restore to

Posted on 2013-11-28
8
383 Views
Last Modified: 2013-11-28
Hello,

we have a Cisco PIX 525 and we recently acquired another for backup purposes.

Now i would like to restore the Config onto the spare PiX.
i know they both have different image version.
Can i Backup the Image from  Production PiX and Restore it onto the Spare PiX
what is the simplest way of achieving identical settings on the spare, so it is simple question of replacing the production one if it fails in future.

Thanks in advance
0
Comment
Question by:icdl101
  • 4
  • 4
8 Comments
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
If you have two PIX, I would suggest configure them as primary and secondary for failover.

Here's the instruction.

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
If you still want the second PIX as spare in case the current PIX fails in the future, you will need to have BOTH devices have same software version installed.

Here is how to backup and restore using TFTP server.


1.Backing up to TFTP server (10.1.1.15)

pix#copy running-config tftp
Address or name of remote host []? 10.1.1.15
Destination filename [pix-confg]? backup_cfg_for_pix (assign file name)

2.Restore from TFTP server

pix#copy tftp running-config
Address or name of remote host []? 10.1.1.15
Source filename []? backup_cfg_for_pix (same name you assigned when you backup)
Destination filename [running-config]? <enter>

write mem
0
 

Author Comment

by:icdl101
Comment Utility
i cannot use as a primary and secondary failover as i do not have the necessary add on cards for the Spare.

Thanks for the Config Step by Step.

How about the image version can i backup image from the Production Firewall and and copy it to the Spare ?
0
 
LVL 12

Accepted Solution

by:
Infamus earned 500 total points
Comment Utility
Yes.

First you need to configure IP on the LAN interfacce of secondary PIX.

I wouldn't plug in secondary PIX on the production network, I would just give it temp IP first. (192.168.1.1/24)

pixfirewall1#copy flash TFTP
Address or name of remote host [127.0.0.1]? 10.1.1.15
Source file name [cdisk]?pix611.bin (name of the image file)
copying tftp://10.1.1.15/pix611.bin to flash
[yes|no|again]?yes

Plug in your laptop (TFTP server) and configure NIC IP to same subnet as secondary PIX.
(192.168.1.101)

pixfirewall2#copy tftp flash
Address or name of remote host [127.0.0.1]? 192.168.1.101/24
Source file name [cdisk]?pix611.bin
copying tftp://192.168.1.101/pix611.bin to flash
[yes|no|again]?yes

reload
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:icdl101
Comment Utility
thanks perfect.

Does the PiX support  copy flash to USB command ?
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
I believe so, does it have USB port?

Try dir and look at the result.
0
 

Author Comment

by:icdl101
Comment Utility
The USB port on the PIX Firewall is a dummy port.
 It can not be enabled because it does not perform any function.
It is reserved for future use.
0
 

Author Closing Comment

by:icdl101
Comment Utility
Thank you for your prompt and precise answers
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now