Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 403
  • Last Modified:

Cisco FireWall Backup and Restore to

Hello,

we have a Cisco PIX 525 and we recently acquired another for backup purposes.

Now i would like to restore the Config onto the spare PiX.
i know they both have different image version.
Can i Backup the Image from  Production PiX and Restore it onto the Spare PiX
what is the simplest way of achieving identical settings on the spare, so it is simple question of replacing the production one if it fails in future.

Thanks in advance
0
icdl101
Asked:
icdl101
  • 4
  • 4
1 Solution
 
InfamusCommented:
If you have two PIX, I would suggest configure them as primary and secondary for failover.

Here's the instruction.

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html
0
 
InfamusCommented:
If you still want the second PIX as spare in case the current PIX fails in the future, you will need to have BOTH devices have same software version installed.

Here is how to backup and restore using TFTP server.


1.Backing up to TFTP server (10.1.1.15)

pix#copy running-config tftp
Address or name of remote host []? 10.1.1.15
Destination filename [pix-confg]? backup_cfg_for_pix (assign file name)

2.Restore from TFTP server

pix#copy tftp running-config
Address or name of remote host []? 10.1.1.15
Source filename []? backup_cfg_for_pix (same name you assigned when you backup)
Destination filename [running-config]? <enter>

write mem
0
 
icdl101Author Commented:
i cannot use as a primary and secondary failover as i do not have the necessary add on cards for the Spare.

Thanks for the Config Step by Step.

How about the image version can i backup image from the Production Firewall and and copy it to the Spare ?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
InfamusCommented:
Yes.

First you need to configure IP on the LAN interfacce of secondary PIX.

I wouldn't plug in secondary PIX on the production network, I would just give it temp IP first. (192.168.1.1/24)

pixfirewall1#copy flash TFTP
Address or name of remote host [127.0.0.1]? 10.1.1.15
Source file name [cdisk]?pix611.bin (name of the image file)
copying tftp://10.1.1.15/pix611.bin to flash
[yes|no|again]?yes

Plug in your laptop (TFTP server) and configure NIC IP to same subnet as secondary PIX.
(192.168.1.101)

pixfirewall2#copy tftp flash
Address or name of remote host [127.0.0.1]? 192.168.1.101/24
Source file name [cdisk]?pix611.bin
copying tftp://192.168.1.101/pix611.bin to flash
[yes|no|again]?yes

reload
0
 
icdl101Author Commented:
thanks perfect.

Does the PiX support  copy flash to USB command ?
0
 
InfamusCommented:
I believe so, does it have USB port?

Try dir and look at the result.
0
 
icdl101Author Commented:
The USB port on the PIX Firewall is a dummy port.
 It can not be enabled because it does not perform any function.
It is reserved for future use.
0
 
icdl101Author Commented:
Thank you for your prompt and precise answers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now