mjalmassud
asked on
PIX 515 FireWall
hi there,
I have a firewal that has a NAT running, and I have it forwarding the traffic from Public IP Address to an Internal IP Addrss.
lets say that the Public Address is 212.212.212.212, and the internal IP Address is 192.168.1.100, which is the Web Server, with only port 80 opened.
I am trying to know to which interface is the 212.212.212.212 assigned, and how can I change the IP Address 192.168.1.100 to 192.168.1.200.
Can any body help me please???
MJ
I have a firewal that has a NAT running, and I have it forwarding the traffic from Public IP Address to an Internal IP Addrss.
lets say that the Public Address is 212.212.212.212, and the internal IP Address is 192.168.1.100, which is the Web Server, with only port 80 opened.
I am trying to know to which interface is the 212.212.212.212 assigned, and how can I change the IP Address 192.168.1.100 to 192.168.1.200.
Can any body help me please???
MJ
ASKER
thanks for the add.
I tried to use show run and shun, but it is not interacting with those two commands for some reason.
it is saying type help for a list of available commands.
I was in the mode after I enabled.
thanks
I tried to use show run and shun, but it is not interacting with those two commands for some reason.
it is saying type help for a list of available commands.
I was in the mode after I enabled.
thanks
try this....
recycle the firewall (and connect with the console cable)
at the initial prompt, type enable (sometimes you have to reboot to get htis to work).
recycle the firewall (and connect with the console cable)
at the initial prompt, type enable (sometimes you have to reboot to get htis to work).
ASKER
I will after 3 AM because they are in production and I can not recycle any of them at this moment.
thanks a lot buddy.
thanks a lot buddy.
you need to b ein config mode....
type
enable
then input the password
you will get a # prompt
then type
config term
this will get you into config mode....
you can do all commands from config mode on the pix.....
do a
show ip address
This will give you the ip addresses of the interfaces
it will look like this
ip address outside 66.83.182.178 255.255.255.240
ip address inside 192.168.111.4 255.255.255.0
do a
show nameif
and it will tell you what ethernet port is assigned to which interface name
it will look like this
nameif ethernet0 outside security0
nameif ethernet1 inside security100
the ip address is assigned to the outside is the physical port ethernet 0 (e0) on the pix.
Good Luck
type
enable
then input the password
you will get a # prompt
then type
config term
this will get you into config mode....
you can do all commands from config mode on the pix.....
do a
show ip address
This will give you the ip addresses of the interfaces
it will look like this
ip address outside 66.83.182.178 255.255.255.240
ip address inside 192.168.111.4 255.255.255.0
do a
show nameif
and it will tell you what ethernet port is assigned to which interface name
it will look like this
nameif ethernet0 outside security0
nameif ethernet1 inside security100
the ip address is assigned to the outside is the physical port ethernet 0 (e0) on the pix.
Good Luck
are you trying to change the address of the web server on the inside....and translate an IP address from the outside to the web server???
I am not completely clear as to what you are trying to accomplish....
also if you are running 6.3.1 code you will need to reboot the pix each time you add a static NAT....
because of a bug in the code...
good luck
I am not completely clear as to what you are trying to accomplish....
also if you are running 6.3.1 code you will need to reboot the pix each time you add a static NAT....
because of a bug in the code...
good luck
ASKER
OK Here is what I am trying to do:
in the pix network that i have which I have two of them with a fail over. I have a web server with an internal ip address. some how the PIX fire wall is configured to forward traffic that distant to the web server on port 80, which is good.
now I am trying to know where to change the ip address of the web server, because it will be another server.
in the pix network that i have which I have two of them with a fail over. I have a web server with an internal ip address. some how the PIX fire wall is configured to forward traffic that distant to the web server on port 80, which is good.
now I am trying to know where to change the ip address of the web server, because it will be another server.
Ah right... I see.
There will be two places:
1) In the access lists (commands beginning access-list)
2) In the NAT statements (commands beginning 'static')
You should be able to spot your web server address in there somewhere - just swap it around with the new one.
It would be useful to see your config just in case there's anything else setup or any peculiarities that may get in the way ??
There will be two places:
1) In the access lists (commands beginning access-list)
2) In the NAT statements (commands beginning 'static')
You should be able to spot your web server address in there somewhere - just swap it around with the new one.
It would be useful to see your config just in case there's anything else setup or any peculiarities that may get in the way ??
Actually tim is correct except that on the Access-list the ip address will be the external NATed IP address.....And this shouldn't have to be changed if you only want to change the address of the Web server....
on the "STATIC" statements it will be the internal ip address....i.e. 192.168.blah.blah.....This
Just a little clarification...
Good Luck
on the "STATIC" statements it will be the internal ip address....i.e. 192.168.blah.blah.....This
Just a little clarification...
Good Luck
ASKER
Thanks a lot for the clarification hawgpig.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you so much man.
MJ
MJ
ASKER
I want to thank you very again, and I have one more Q if you don't mind.
if I have the followinf line:
static (inside,outside) 212.212.212.212 192.168.1.100 netmask 255.255.255.255 0 0
and I want to change it to:
static (inside,outside) 212.212.212.212 192.168.1.200 netmask 255.255.255.255 0 0
how can I do that? in other words I want to change the internal IP address.
I appreciate your help buddy.
if I have the followinf line:
static (inside,outside) 212.212.212.212 192.168.1.100 netmask 255.255.255.255 0 0
and I want to change it to:
static (inside,outside) 212.212.212.212 192.168.1.200 netmask 255.255.255.255 0 0
how can I do that? in other words I want to change the internal IP address.
I appreciate your help buddy.
No Probms ---
here you go .... Follow this line by line
pixfirewall(config)#sh static
pixfirewall(config)#static
pixfirewall(config)#no static (inside,outside) 212.212.212.212 192.168.1.100 netmask 255.255.255.255
pixfirewall(config)#static
pixfirewall(config)#sh static
pixfirewall(config)#static
pixfirewall(config)#write mem
pixfirewall(config)#clear xlate
pixfirewall(config)#clear arp
DONE............
EXPLANATION OF THE CMDS..
Line 1 you see the existing Static
Line 2 PIX shows the old ststic
Line 3 you remove the old static
line 4 you insert the new static
line 5 you again see the static
line 6 PIX shows the new static
Line 7 you save the conf
line 8 you cleared the translation slot
line 9 you cleared the ARP entries
here you go .... Follow this line by line
pixfirewall(config)#sh static
pixfirewall(config)#static
pixfirewall(config)#no static (inside,outside) 212.212.212.212 192.168.1.100 netmask 255.255.255.255
pixfirewall(config)#static
pixfirewall(config)#sh static
pixfirewall(config)#static
pixfirewall(config)#write mem
pixfirewall(config)#clear xlate
pixfirewall(config)#clear arp
DONE............
EXPLANATION OF THE CMDS..
Line 1 you see the existing Static
Line 2 PIX shows the old ststic
Line 3 you remove the old static
line 4 you insert the new static
line 5 you again see the static
line 6 PIX shows the new static
Line 7 you save the conf
line 8 you cleared the translation slot
line 9 you cleared the ARP entries
To change the ip address, go to a "config t" prompt and type in
ip address (interface name) 192.168.1.200 255.255.255.0 (or whatever your subnet mask it).