07-13-2010 10:53 AM
I have an SSG 140 in my office with a collection of route-based VPN tunnels.
All of these tunnels use the add-on T1 card (serial 1/0) as outgoing interface.
We are planning on moving this SSG 140 to our ISP datacenter in order.
The SSG will maintain the same public IP pool, but instead of using the T1 card, we will be using one of the ethernet interfaces.
Is there an easy way (CLI ?) to modify the SSG configuration to use ethernet 0/1 (for ex.) instead or serial 1/0 as the outgoing interface for all configured VPN gateways?
Solved! Go to Solution.
07-14-2010 04:49 AM
I think the easiest method would be to download the configuration file and do a search and replace for the outgoing interface in the gateway.
The configuration can be downloaded under:
This is also where you will apply the revised configuration with the replace option.
The Gateway command statement sample is like this:
set ike gateway "GatewayRemote1" address remote1.site.com Main outgoing-interface "ethernet0/1" preshare "K8cYqf+6NFYhCoHjw2J8nulQvn5Q==" sec-level standard
You would use search and replace a unique pattern from say outgoing-interface through preshare
outgoing-interface "serial1/0" preshare
outgoing-interface "ethernet0/1" preshare
Double check the matching pattern with your file. Then confirm the file looks good by using the compare file function in your word processor. This will highlight all the differences so you can see that only these commands changed.
Then upload it when you move the firewall with the replace option.
Senior IP Engineer - DQE Communications Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6