PIX 515 change subnet:(

[m3the01]

How envolved is this? I see the mask plays a key role in 55 lines of our pix config file.

Is there anything other then replacing the lines with the same line as before with the new subnet mask?


thanks for your time,

there are also remote pix 506 connected to head office where the subnet needs expanding hence the need to change to the subnet mask on main offices PIX 515.

thanks again

 

[lgarner]

Not really. You might want to cut & paste, then search & replace to make sure you get everything (after making a backup, of course). For the VPN, make sure also to get the crypto ACLs on both sides.

 

[m3the01]

I took the entire 'show config' printout and the 'show interface' printout. The crypto mapsare for the tunnels, there really shouldne be anything there to change. A for instance scenario would be nice.

Is there a way to do a electronic backup and recovery on the PIX 515? I always just done the copy paste backups because the PIX excepts entire config files all at once.

thanks for the help,

 

[lgarner]

write net" and "config net" are *roughly* equivalent to "copy flash tftp" and vice-versa. The "config net" merges the config into the running-config rather than replacing it.

The crypto ACLs determine which traffic goes through the tunnel. If you're changing the subnet mask on your LAN, then these ACLs might need to change to match.

 

[m3the01]

Yeah im pretty sure i dont need to, looking at the config and the pix515 cisco manual under cryptos subnet doesnt seem to play a role. Never know though.

thanks for the input