?
Solved

PIX 506 IP address change problem

Posted on 2005-03-25
8
Medium Priority
?
273 Views
Last Modified: 2010-04-09
I have a PIX 506 and can get into through PDM without any problems.  Once I change the IP address either through PDM or telnet it goes through without any problems.  I wr mem but then i can not connect back to the PIX through PDM.  I can ping the address though.  Any ideas?
0
Comment
Question by:riverraid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 13633527
>i can not connect back to the PIX through PDM
Do you mean to the new IP address? Is the new IP in the same subnet? Are you changing the inside or the outside interface? If there is a router on the same interface, then that router has an arp cache that must time out before you can connect again.
0
 

Author Comment

by:riverraid
ID: 13641221
I am connecting a laptop directly to the PIX through a crossover cable.  Once i reset the inside ip address and then change the laptop to match, I can not connect through PDM.  I can ping it on the network cable and I can connect to it through the console cable.  i have the same issue through a switch without a router on the network.  
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13643190
Are you changing it to a totally different subnet?
You will first have to add a line for the new IP address that your laptop will have:

 http <new laptop address> 255.255.255.255 inside

NOW, change your inside IP, change your laptop, and you should be able to access it.

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:riverraid
ID: 13643536
i am leaving both the laptop and the pix on the 255.255.255.0 subnet.  Do I need to have the subnet changed?  Shouldn't it work as long as both are on the same networking scheme regardless of what that is?  I am just changing it to 192.168.X.1 where X is not the same as the outside address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13643610
Here's the deal. The subnet mask does not determine the subnet, the X does.
Example. Substitute your "X" for my "8"..
Inside IP address now = 192.168.222.24 255.255.255.0
Laptop now = 192.168.222.234 255.255.255.0
If you change them to be:
  New inside IP address = 192.168.8.1 255.255.255.0  <= mask is still the same, but totally different subnet
  New laptop IP address = 192.168.8.22 255.255.255.0 <=Ok, you can ping the PIX inside IP, but you can't use the GUI
Why can't you use the GUI?
Because there is an access-list applied to the web interface in the form of the "http <address> <mask> <interface>" commands:

Now, you have something like this:
 http 192.168.222.0 255.255.255.0 inside
Change the laptop to 192.168.8.22 and you can see that this new subnet does not have permission to use the GUI
Add a new permissions line BEFORE you change the laptop's IP address
  http 192.168.8.0 255.255.255.0 inside
NOW, you can change the IP address of the interface, change your laptop to match, and now you can access the GUI.
0
 

Author Comment

by:riverraid
ID: 13643851
Do i have to change the access list from the command promt or can i do it from PDM?  Also, from what you say here, I need connect through the console cable, change the address of the inside port to 192.168.8.0 255.255.255.0, the type "http 192.168.8.0 255.255.255.0 inside" and this will allow access through PDM to all inside IP addresses?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 13647650
>Do i have to change the access list from the command promt or can i do it from PDM?
You can do it from the PDM if you want, but it is much easier from the command prompt. Just do it BEFORE you change the IP address of the inside itnerface.

>I need connect through the console cable, change the address of the inside port to 192.168.8.0 255.255.255.0, the type "http 192.168.8.0 255.255.255.0 inside" and this will allow access through PDM to all inside IP addresses?

This is definately the preferred method, yes.

>>change the address of the inside port to 192.168.8.0 255.255.255.0,
Careful, there. Change the address of the inside port to 192.168.8.1 255.255.255.0
                                                                                               ^
0
 
LVL 3

Expert Comment

by:alex_yala
ID: 13650127
I don't use much PDM, but the idea if you want to change the IP address through PDM is:
- Change access permission using http to the new subnet first
- Then change the IP address

Because once you change the IP address, it won't allow you to PDM anymore.

But if you change the PDM access first, it will aloow you to PDM in after the IP address has been changed.

Sorry, I reuse/clarify lrmoore idea.

Good Luck.

Alex.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question