Advertisement

09.04.2008 at 12:15PM PDT, ID: 23703914
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
9.1

Changes to IP address of an interface on a CISCO PIX 515 firewall

Asked by frank_nye in Cisco PIX Firewall, Network Software Firewalls, Networking Hardware Firewalls

We have a PIX 515 firewall and due to a new VLAN we are creating (on a connected CISCO switch)with a different subnet mask (increasing our IP's up to 1022 from our current 255) I need to change the IP address of one of the interfaces on the PIX from 10.0.3.1 255.255.255.0 to 10.0.8.1 with a subnet mask of 255.255.252.0 (note that is .252 instead of .255) .  

I currently do most of my work on the PIX through the praphical user's interface (GUI) of the PDM software rather than using the command line.  Can I just use the GUI to make the change to the interface address?  We have 3 other interfaces that run on this PIX and I'm hoping not to cause any problems by changing the IP address of this one interface that would affect those users.

Through the GUI, I would select the Configuration option, then choose the Translation Rules tab, highlight the interface I want to change (intf3 in this case), select the Rules option and the choose Edit.  That gets me to the Edit Address Translation Rule screen.    This is where I want to be careful as it seems like I could just change the IP address but I'm not sure if I did that if there is any chance it might effect any of the other interfaces.  For example, does it require a restart of the PIX to change the address of an active interface?  

On the lower half of that GUI screen, there is a section entitled "Translate Address on Interface".  We currently use Dynamic and we have 3 Pool ID's.  Pool ID 3 is the one that relates to the interface (intf3) which we are going to assign a new internal IP address to  Pool ID 3 has an external address of 63.175.30.212.  Would I have to make any change to the associated Pool ID.  Someone said I should create a new Pool ID 8 (as our new VLAN is called VLAN 8) and assinge that same address to it (as we will no longer be using VLAN 3).

Perhaps this will be easier if I provide the code snippets from our current running config and the show you what I want to end up with.  If you think it would be easier to do this from the command line instead of the GUI, please let me know the proper way to do that.

Please see the attached code snippet and thanks for any infomration you can provide. Start Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:

Here is what we currently run
------------------------------
ip address intf 10.0.3.1  255.255.255.0
global (outside) 3 65.165.30.212 netmask 255.255.255.255
global Iintf3) 3 65.165.30.212
nat (intf3) 3 10.0.3.0 255.255.255.0 0 0
 
 
Here is what I want to end up with
---------------------------------
ip address intf 10.0.8.1  255.255.252.0
global (outside) 8 65.165.30.212 netmask 255.255.255.255
global Iintf3) 8 65.165.30.212
nat (intf3) 8 10.0.8.0 255.255.252.0 0 0
[+][-]09.04.2008 at 01:33PM PDT, ID: 22392405

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09.04.2008 at 05:39PM PDT, ID: 22394237

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09.04.2008 at 06:28PM PDT, ID: 22394454

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09.04.2008 at 07:11PM PDT, ID: 22394619

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09.05.2008 at 04:11AM PDT, ID: 22397286

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09.05.2008 at 04:26AM PDT, ID: 22397414

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Cisco PIX Firewall, Network Software Firewalls, Networking Hardware Firewalls
Sign Up Now!
Solution Provided By: decoleur
Participating Experts: 2
Solution Grade: A
 
 
[+][-]09.05.2008 at 06:14AM PDT, ID: 22398463

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09.05.2008 at 06:28AM PDT, ID: 22398627

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09.05.2008 at 06:37AM PDT, ID: 22398735

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09.05.2008 at 06:57AM PDT, ID: 22398939

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628