Solved

How to renumber PIX 501 inside IP address with VPN tunnel active?

Posted on 2007-10-14
Last Modified: 2010-04-09
We have several offices using PIX 501s with site-to-site VPN going to a PIX 515.  I need to renumber the inside IP addresses while the VPN tunnels are active but when I attempt that, I lose access to the PIX.  Also since the PIX is serving DHCP at its location I have to disable DHCP first.  I tried opening Telnet to an outside IP address and configuring "Management-Access Outside" but that doesn't seem to work either.  Could someone help point me in the right direction?  Your help will be greatly appreciated!

Don
Question by:WTFDon
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 20074996
You should be able to access the PIX through the PDM on the public IP address, not through the VPN tunnel.
You can SSH to the outside IP address if you want the command line.
 

Author Comment

by:WTFDon
ID: 20075023
Thanks for the quick response, lrmoore!  I tried SSH to the public IP on the PIX but wasn't able to establish a session.  I'm certain I can reconfigure the PIX if I can access it from outside but I didn't pursue this avenue because I was told by a colleague that you couldn't access the PIX 501 outside interface when a VPN tunnel was active.  Was that incorrect?  If so, could you tell me the correct statements to add to the config enabling SSH to be sure I've got them right?  Thanks for your help!
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 20075354
To enable SSH:

aaa authentication ssh console LOCAL
username yourusername password yourpassword
ssh 12.34.6.7 255.255.255.255 outside  <== your IP Address
ssh timeout 5
ca generate rsa key 1024

 

Author Comment

by:WTFDon
ID: 20075678
That is EXACTLY the answer.  There are just a couple more things though:  You have to be sure to save the RSA key with "ca save all" and disconnect the VPN tunnel at the remote PIX by issuing "no vpnclient enable", access with SSH to make changes and then bring the tunnel back up with "vpnclient enable".  Thanks a mega for your help!
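
The SSH statements in the accepted solution open management access on the outside interface, so it is worth confirming on a saved configuration that the rule really is limited to a single host. The following check is an added example, not code from the thread; the function name, the sample configuration, the username and the 192.0.2.10 documentation address are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (documentation address, not from the thread).
SAMPLE_CONFIG = """\
aaa authentication ssh console LOCAL
username admin password EXAMPLE-HASH encrypted
ssh 192.0.2.10 255.255.255.255 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
"""

# Matches the 'ssh <ip> <mask> outside' form used in the accepted solution.
OUTSIDE_RULE = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) outside")


def audit_outside_ssh(config, max_hosts=1):
    """Return findings about SSH management access on the outside interface."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # SSH logins should be checked against the local user database.
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("SSH logins are not tied to the LOCAL user database")
    if not any(re.match(r"username \S+ password \S+", ln) for ln in lines):
        findings.append("no local username defined for SSH logins")

    # Collect every source network allowed to reach SSH on the outside.
    outside = []
    for ln in lines:
        m = OUTSIDE_RULE.fullmatch(ln)
        if m:
            net = ipaddress.ip_network("/".join(m.groups()), strict=False)
            outside.append(net)
    if not outside:
        findings.append("no 'ssh <ip> <mask> outside' rule, so SSH to the "
                        "outside address is not permitted")

    # A 255.255.255.255 mask admits one host; anything wider is flagged.
    for net in outside:
        if net.num_addresses > max_hosts:
            findings.append(f"outside SSH rule {net} admits "
                            f"{net.num_addresses} addresses")
    return findings


if __name__ == "__main__":
    for finding in audit_outside_ssh(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```
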