[c-nsp] Pix upload config

Fri Aug 20 12:49:43 EDT 2004

Ian.

I tried this and the "tftp-server" and "copy" commands
are only intended for FLASH o PDM upgrades or "write net",
but cannot do a "conf net" on a PIX (version 6.2)

I developed a sheel script to generate an expect script
to connect via SSH to the pix and do a "conf t" and
all the "access-lists" commands by CLI....

this is a huge problem, because from the time I enter
"no access-list acl_outside", then "access-list...etc",
until I apply the "new" ACL with "access-group", the
PIX denies ALL traffic...which is about 2 minutes with
my long ACL... ;)

regards,

Ian Dickinson wrote:

> You can do this, but you must predefine the server etc...
> 
> tftp-server outside <IPaddress> <Pathname>
> 
> Ian
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of chris neill
> Sent: 19 August 2004 23:30
> To: Marcelo Maraboli
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Pix upload config
> 
> 
> you have to conf net from a tftp server on a secure dmz..
> 
> On Thu, Aug 19, 2004 at 05:48:08PM -0400, Marcelo Maraboli wrote:
> 
>>Hi
>>
>>I cannot find a way to upload a config file to a 525 PIX,
>>just like the "conf net" on a IOS Cisco Router from a TFTP
>>server.....
>>
>>is that too unsecure that the PIX has to be configured
>>manually ??? (by "conf t" each time ??)
>>
>>regards,
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 

-- 
Marcelo Maraboli Rosselott
Jefe Area de Redes           (Network & UNIX Systems Administrator)
Ingeniero Civil Electronico                   (Electronic Engineer)

Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria, Chile.
phone: +56 32 654237
mailto:marcelo.maraboli at dcsc.utfsm.cl	http://elqui.dcsc.utfsm.cl/