[c-nsp] Renaming interfaces on a PIX 525
Justin Shore
justin at justinshore.com
Wed Jul 23 19:44:34 EDT 2008
Michael K. Smith - Adhost wrote:
> You will have to rename the Ethernet interface first, which will break a lot of stuff, then name the Gigabit Ethernet interface, which will *not* un-break anything. After you change the name you will have to do the following:
>
> 1) Reenter your statics (they will go away when you un-name E0)
> 2) Re-apply your access-group command for any ACL's your outside ACL
> 3) Re-enter any admin outside access (ssh, http, etc.)
> 4) Re-apply your global statement if used.
> 5) Clear ARP on your upstream device(s).
>
> Make sure you have a backup and that you're doing this from either console or the inside network.

Steven,

These guys pretty much summed it up already. Renaming an interface on a
PIX/ASA sucks. I've been bit by this before too, only I didn't have the
opportunity to ask if the PIX would freak out before I made the change.
An hour later I had everything working again. I've made the feature
request before for a simple way to change interface names but there
hasn't been enough demand for it to warrant the work I'm afraid. You
would think it would be a fairly easy thing to implement though.

Michael's list is right on. The only commands that I can think of that
are missing from his list are mtu, ip verify, & crypto isakmp enable.
Basically every single instance of the word "outside" in the config with
the exception of ACL remarks, object-groups, and names (i.e., instances
that aren't CLI elements that require an interface name but are more
textual in nature) will have to be re-entered.

You might be thinking that you can simply download a copy of the
startup-config to a tftp server, modify it and upload it back over top
of the startup-config (or running-config). First off I can't remember
where the startup-config is located on the PIX/ASAs or if it can be
accessed. Second, copying over top of the running-config merges the
configs together. You won't get the desired results. In theory you
could load all of your changes into a config file beginning with all the
no's to all the statics and whatnot and follow that up with the new
config. Then when you do the tftp merge you should get what you want, I
think.

I never found a quick way to modify the config. If you could delete the
config, reload and paste modified config back in via the console then
that would be the fastest.

Good luck.

Justin
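
The check that the backup advice in this thread makes possible, as an added example that is not part of the original posts: compare the pre-change backup with the post-change running config and list every interface-bound line that still has to be re-entered. The function names and both sample configs are constructed for illustration, and the skip rules follow the exceptions named above (ACL remarks, object-groups, names).

```python
import re

def interface_bound_lines(config, nameif):
    """Config lines that use `nameif` as a CLI element (whole-word match)."""
    token = re.compile(rf"(?<![\w-]){re.escape(nameif)}(?![\w-])")
    found, in_group = [], False
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if raw.startswith("object-group "):
            in_group = True                  # header and indented members are textual
        elif not raw.startswith(" "):
            in_group = False
        textual = (in_group or line.startswith("name ")
                   or re.match(r"access-list \S+ remark ", line))
        renaming = line.startswith("nameif ")   # changes on purpose, not a loss
        if not textual and not renaming and token.search(line):
            found.append(line)
    return found

def missing_after_change(backup, running, nameif):
    """Interface-bound lines from the backup that the running config lacks."""
    present = {" ".join(l.split()) for l in running.splitlines()}
    return [l for l in interface_bound_lines(backup, nameif) if l not in present]

# Constructed sample backup (documentation addresses), not taken from the thread.
BACKUP = """\
interface Ethernet0
 nameif outside
name 192.0.2.10 outside-gw
object-group network outside-peers
 network-object host 198.51.100.7
access-list acl_out remark permit web to outside server
access-list acl_out extended permit tcp any host 192.0.2.20 eq www
mtu outside 1500
ip verify reverse-path interface outside
global (outside) 1 interface
static (inside,outside) 192.0.2.20 10.0.0.20 netmask 255.255.255.255
access-group acl_out in interface outside
ssh 198.51.100.0 255.255.255.0 outside
crypto isakmp enable outside
"""
# Constructed post-change config: three interface-bound lines were never re-entered.
KEEP = ("interface", " nameif", "name ", "object-group", " network",
        "access-list", "mtu", "global", "static", "ssh")
RUNNING = "\n".join(l for l in BACKUP.splitlines() if l.startswith(KEEP))

if __name__ == "__main__":
    for line in missing_after_change(BACKUP, RUNNING, "outside"):
        print("re-enter:", line)
```

An empty result only means every interface-bound line of the backup is textually present again; the ARP clear on upstream devices is outside what a config comparison can see.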