ScreenOS Firewalls (NOT SRX)

VPN configuration change: moving outgoing interface from serial 1/0 to ethernet 0/1

07-13-2010 10:53 AM

I have an SSG 140 in my office with a collection of route-based VPN tunnels.

All of these tunnels use the add-on T1 card (serial 1/0) as the outgoing interface.

We are planning on moving this SSG 140 to our ISP datacenter in order.

The SSG will maintain the same public IP pool, but instead of using the T1 card, we will be using one of the ethernet interfaces.

Is there an easy way (CLI?) to modify the SSG configuration to use ethernet 0/1 (for ex.) instead of serial 1/0 as the outgoing interface for all configured VPN gateways?

Thanks.


Re: VPN configuration change: moving outgoing interface from serial 1/0 to ethernet 0/1

07-14-2010 04:49 AM

I think the easiest method would be to download the configuration file and do a search and replace for the outgoing interface in the gateway.

The configuration can be downloaded under:

Configuration--Update--Config File

This is also where you will apply the revised configuration with the replace option.

The Gateway command statement sample is like this:

set ike gateway "GatewayRemote1" address remote1.site.com Main outgoing-interface "ethernet0/1" preshare "K8cYqf+6NFYhCoHjw2J8nulQvn5Q==" sec-level standard

You would search and replace a unique pattern from, say, outgoing-interface through preshare:

outgoing-interface "serial1/0" preshare

to

outgoing-interface "ethernet0/1" preshare

Double check the matching pattern with your file. Then confirm the file looks good by using the compare file function in your word processor. This will highlight all the differences so you can see that only these commands changed.

Then upload it when you move the firewall with the replace option.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
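
A scripted version of the search-and-replace and file-compare steps from the reply above, added here as an example and not part of the original posts. The sample configuration is constructed, with placeholder gateway names, addresses and keys; the script only edits `set ike gateway` lines and then diffs the two files to flag any other change.

```python
import difflib

OLD = 'outgoing-interface "serial1/0" preshare'
NEW = 'outgoing-interface "ethernet0/1" preshare'

# Constructed sample config; names, addresses and keys are placeholders.
SAMPLE = '''set interface "serial1/0" zone "Untrust"
set interface "ethernet0/1" zone "Untrust"
set ike gateway "GatewayRemote1" address remote1.example.com Main outgoing-interface "serial1/0" preshare "PLACEHOLDER1==" sec-level standard
set ike gateway "GatewayRemote2" address remote2.example.com Main outgoing-interface "serial1/0" preshare "PLACEHOLDER2==" sec-level standard
set vpn "VPN1" gateway "GatewayRemote1" no-replay tunnel idletime 0 sec-level standard
'''


def rewrite_gateways(config):
    """Apply the OLD -> NEW replacement, but only on 'set ike gateway' lines."""
    lines = []
    for line in config.splitlines():
        if line.startswith("set ike gateway "):
            line = line.replace(OLD, NEW)
        lines.append(line)
    return "\n".join(lines) + "\n"


def unexpected_changes(before, after):
    """Diff the two files; return every changed line that is not the intended edit."""
    bad = []
    diff = difflib.unified_diff(before.splitlines(), after.splitlines(),
                                lineterm="", n=0)
    for line in diff:
        if line.startswith(("--- ", "+++ ", "@@")):
            continue  # diff headers, not config lines
        sign, body = line[0], line[1:]
        wanted = OLD if sign == "-" else NEW
        if not (body.startswith("set ike gateway ") and wanted in body):
            bad.append(line)
    return bad


if __name__ == "__main__":
    revised = rewrite_gateways(SAMPLE)
    problems = unexpected_changes(SAMPLE, revised)
    # Report only counts so preshared keys never land in terminal scrollback.
    print("gateway lines rewritten:", revised.count(NEW))
    print("unexpected changes:", len(problems))
```

`unexpected_changes` also works on a file edited by hand: pass the downloaded configuration as `before` and the edited one as `after`.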

Re: VPN configuration change: moving outgoing interface from serial 1/0 to ethernet 0/1

07-14-2010 05:34 AM

Yes, that's what I figured would be the simplest.

Thanks for the reply...