Screen OS

I have an SSG 140 in my office with a collection of route-based VPN tunnels.

All of these tunnels use the add-on T1 card (serial 1/0) as outgoing interface.

We are planning on moving this SSG 140 to our ISP datacenter in order.

The SSG will maintain the same public IP pool, but instead of using the T1 card, we will be using one of the ethernet interfaces.

Is there an easy way (CLI ?) to modify the SSG configuration to use ethernet 0/1 (for ex.) instead or serial 1/0 as the outgoing interface for all configured VPN gateways?

Thanks.

I think the easiest method would be to download the configuration file and do a search and replace for the outgoing interface in the gateway.

The configuration can be downloaded under:

Configureat--Update--Config File

This is also where you will apply the revised configuration with the replace option.

The Gateway command statement sample is like this:

set ike gateway "GatewayRemote1" address remote1.site.com Main outgoing-interface "ethernet0/1" preshare "K8cYqf+6NFYhCoHjw2J8nulQvn5Q==" sec-level standard

You would use search and replace a unique pattern from say outgoing-interface through preshare

outgoing-interface "serial1/0" preshare

to

outgoing-interface "ethernet0/1" preshare

Double check the matching pattern with your file.  Then confirm the file looks good by using the compare file function in your word processor.  This will highlight all the differences so you can see that only these commands changed.

Then upload it when you move the firewall with the replace option.

Yes, that's what I figured would be the simplest.

Thanks for the reply...