Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PIX 515 FireWall

Posted on 2004-03-26
14
Medium Priority
?
947 Views
Last Modified: 2013-11-16
hi there,

I have a firewal that has a NAT running, and I have it forwarding the traffic from Public IP Address to an Internal IP Addrss.
lets say that the Public Address is 212.212.212.212, and the internal IP Address is 192.168.1.100, which is the Web Server, with only port 80 opened.

I am trying to know to which interface is the 212.212.212.212 assigned, and how can I change the IP Address 192.168.1.100 to 192.168.1.200.

Can any body help me please???

MJ
0
Comment
Question by:mjalmassud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +2
14 Comments
 

Expert Comment

by:brianclay
ID: 10691833
To answer the first question (which interface is 212.212.212.212 assigned)...do a "show run" (after you are in an enable prompt).  This will show you the router config - including IP's assigned to each interface.

To change the ip address, go to a "config t" prompt and type in

ip address (interface name) 192.168.1.200 255.255.255.0 (or whatever your subnet mask it).
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 10692415
thanks for the add.

I tried to use show run and shun, but it is not interacting with those two commands for some reason.

it is saying type help for a list of available commands.

I was in the mode after I enabled.

thanks
0
 

Expert Comment

by:brianclay
ID: 10692673
try this....

recycle the firewall (and connect with the console cable)

at the initial prompt, type enable (sometimes you have to reboot to get htis to work).
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:mjalmassud
ID: 10692685
I will after 3 AM because they are in production and I can not recycle any of them at this moment.

thanks a lot buddy.
0
 
LVL 4

Expert Comment

by:hawgpig
ID: 10692871
you need to b ein config mode....
type

enable

then input the password
you will get a # prompt
then type

config term

this will get you into config mode....
you can do all commands from config mode on the pix.....
do a

show ip address

This will give you the ip addresses of the interfaces
it will look like this

ip address outside 66.83.182.178 255.255.255.240
ip address inside 192.168.111.4 255.255.255.0

do a

show nameif

and it will tell you what ethernet port is assigned to which interface name
it will look like this

nameif ethernet0 outside security0
nameif ethernet1 inside security100

the ip address is assigned to the outside is the physical  port ethernet 0 (e0) on the pix.

Good Luck
0
 
LVL 4

Expert Comment

by:hawgpig
ID: 10692879
are you trying to change the address of the web server on the inside....and translate an IP address from the outside to the web server???
I am not completely clear as to what you are trying to accomplish....
also if you are running 6.3.1 code you will need to reboot the pix each time you add a static NAT....
because of a bug in the code...
good luck
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 10693524
OK Here is what I am trying to do:

in the pix network that i have which I have two of them with a fail over. I have a web server with an internal ip address. some how the PIX fire wall is configured to forward  traffic that distant to the web server on port 80, which is good.
now I am trying to know where to change the ip address of the web server, because it will be another server.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10699170
Ah right... I see.
There will be two places:

1)  In the access lists (commands beginning access-list)
2)  In the NAT statements (commands beginning 'static')

You should be able to spot your web server address in there somewhere - just swap it around with the new one.
It would be useful to see your config just in case there's anything else setup or any peculiarities that may get in the way ??

0
 
LVL 4

Expert Comment

by:hawgpig
ID: 10713810
Actually tim is correct except that on the Access-list the ip address will be the external NATed IP address.....And this shouldn't have to be changed if you only want to change the address of the Web server....

on the "STATIC" statements it will be the internal ip address....i.e. 192.168.blah.blah.....This will need to be changed......
Just a little clarification...
Good Luck
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 10713954
Thanks a lot for the clarification hawgpig.
0
 
LVL 1

Accepted Solution

by:
ambarishsen earned 2000 total points
ID: 10728213
give the command

(config)#show static

it will show you the static translation against the private IP 192.168.1.100
The syntax for static is
static(high sec,low sec)IP of high sec, IP of low sec

give a 'no' command before the static statement from Command Line Interface (remove the static if you are using PDM)
add the new Staic Statement
static(inside,outside)public IP, private IP  

and finally give the commands ---
(config)#write mem   ----to save the conf.
(config)#cl xlate        ----to reset the translation slots
(config)#cl arp         -------to reset the ARP table.

FYI -- EVERY THING SUD BE DONE ON THE PRIMARY PIX.

good luck, you sud be back in business.





0
 
LVL 1

Author Comment

by:mjalmassud
ID: 10729368
Thank you so much man.

MJ
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 10732997
I want to thank you very again, and I have one more Q if you don't mind.
if I have the followinf line:

static (inside,outside) 212.212.212.212 192.168.1.100 netmask 255.255.255.255 0 0

and I want to change it to:

static (inside,outside) 212.212.212.212 192.168.1.200 netmask 255.255.255.255 0 0

how can I do that? in other words I want to change the internal IP address.

I appreciate your help buddy.
0
 
LVL 1

Expert Comment

by:ambarishsen
ID: 10733255
No Probms ---
here you go .... Follow this line by line

pixfirewall(config)#sh static
pixfirewall(config)#static (inside,outside) 212.212.212.212 192.168.1.100 netmask 255.255.255.255
pixfirewall(config)#no static (inside,outside) 212.212.212.212 192.168.1.100 netmask 255.255.255.255
pixfirewall(config)#static (inside,outside) 212.212.212.212 192.168.1.200 netmask 255.255.255.255
pixfirewall(config)#sh static
pixfirewall(config)#static (inside,outside) 212.212.212.212 192.168.1.200 netmask 255.255.255.255 0 0
pixfirewall(config)#write mem
pixfirewall(config)#clear xlate
pixfirewall(config)#clear arp

DONE............

EXPLANATION OF THE CMDS..

Line 1 you see the existing Static
Line 2 PIX shows the old ststic
Line 3 you remove the old static
line 4  you insert the new static
line 5  you again see the static
line 6  PIX shows the new static
Line 7 you save the conf
line 8  you cleared the translation slot
line 9  you cleared the ARP entries


0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question