Unfortuantly you can't copy this.
In version 3 the file chap-secrets had the password details.
In version 4, this is also the case, but it is populated from the web interface, and as such any changes to this file in version4 will be overwritten.
So you can see what the passwords are in both versions by viewing chap-secrets, but you will need to enter them manually to 'copy' them.
note this is different from upgrading and migrating from version 3 to 4. If you upgrade to verson 4 on a version 3 unit, the passwords will be migrated to version 4.
Hope this helps.
Thanks for the reply. Not a surprise.
Is upgrading/migrating from version 3 to 4 a wise choice? It would certainly save me a bunch of work. We have a bunch of VPN users, a few IPSEC tunnels, and a "few" words in URL Block (for example MySpace). I could have a minimally configured 560 with 4.0.5 ready to go if the upgrade/migration failed.
Version 3 will not be updated in the future if the product has version 4 firmware available.
As such on the 560 you have, if there are security updates that need to be applied, they will only be applied to version 4.
So if may be/probably be inevitable that you will need to go to version 4 eventually.
I syuggest you take a backup under version 3, then upgrade to version 4.
And if you do have issues you can downgrade to version 3 again and restore your backup.
If you do need to do this, it would be great if you can let tech support know of the issues and be able to grab version 4 diagnostics before you downgrade.
But I do expect you will find the upgrade to be quiet painless.
I wasn't very clear when I asked if upgrading/migrating was a wise idea. I should have asked if upgrading/migrating rather than wiping the configuration and flashing the firmware was a wise choice. Sometimes I have to remember even the best techs can't read minds! I don't like the idea of staying with old firmware, although I don't like to be on the bleeding edge, either.
I will give the upgrade/migration a try. Since I have a spare, perhaps the smart method would be to configure the spare with the same version on the production 560, backup the existing configuration, restore it to the spare and then migrate the production to 4.0.5. This should reduce the stress, and allow me to grab a TSR if I have problems. I can't wait to see what happens to the exisiting users which are a combination of administrators and VPN users.
Thanks for all the help.
You can save yourself one step by restoring the 3.x config into a device that's already running 4.0.5. It will force the 3.x config to be migrated to 4.0 during the reboot.
ie. just put 4.0.5 onto your second 560 without regard to its current config. Then restore the 3.x config you care about onto that 4.0.5 device and that'll soon tell you whether its going to be a smooth transition. And of course, if it isn't, we would appreciate some before/after TSR's.
Happy New Year
Have not placed upgraded unit into use yet. Found one oddity. Users which had VPN rights under 3.1.6 seem to have some odd rights under 4.0.5. TSR's attached.
Any comments before I take the upgraded unit live?
Are the TSR's available to everyone, not just McAfee and myself.
Let me know about the TSR availabiltiy, and if available to everyone, where I can send them. If they are not available to everyone, then I will edit and attach.
User rights is one area that has changed significantly under 4.x compared to version 3, so there looks like there is an issue there potentially.
I suggest you contact technical support if you have issues with the upgrade user rights or any other specific issues.
We prefer not to see support reports here. Instead use our support engineers.