PIX newbie, IP settings

Answered Question
May 7th, 2007

I'm setting up a 506e for the first time. I want to change the inside IP address to 192.168.0.1 (DHCP server disabled), but PIX complains that address is not in DHCP pool. I can't change pool without conflict with network address.


Why won't PIX allow a network address change if DHCP server is disabled?


Help, please!


Regards,

dpm


nagel Mon, 05/07/2007 - 07:42

Please post config and I can help you

ddidpm506 Mon, 05/07/2007 - 08:02

Sorry, I'm *really* a newbie. How do I extract the current config as a text file? I'm using the PDM tool.


Thanks,

dpm


nagel Mon, 05/07/2007 - 08:10

You're gonna need to lose the PDM thingy. I would suggest getting the free terminal program called "putty" and then use it to telnet into the pix. Once you are into the pix using putty you can issue the sh run command. Right click in the putty header bar (at top of screen) and select 'copy all to clipboard'. Open up your wordpad/notepad and then right click and do a 'paste'. From here you can print, copy, whatever, the configuration text.


Really need to see the config in order to be helpful.


putty client can be found at


http://www.chiark.greenend.org.uk/~sgtatham/putty/



ddidpm506 Mon, 05/07/2007 - 08:46

I got putty. If I choose "SSH" it replies "connection refused"; if I select "telnet" putty just exits.


I'm really sorry to be a pain, but I don't understand why this is so difficult.


Regards,

dpm


nagel Mon, 05/07/2007 - 09:39

I am assuming that you are entering the correct IP for the telnet session. Sounds like you do not have telnet enabled on the PIX. Can you check that with PDM? Not really so difficult, but virtually no one that is responsible for a PIX uses the PDM. So I guess I am at a disadvantage in that I have just barely seen what the PDM interface looks like.

jamesrose Mon, 05/07/2007 - 10:43

While in the PDM, go to File, Show Running config in New Window, login and then do a file, save as, change the file type to text and save it where you want it.

nagel Mon, 05/07/2007 - 14:07

You have the following dhcp entries in your config:


dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside


I think you can remove these by issuing a 'no dhcpd' command while in the pix. Note the d at the end of dhcpd.


Additionally, you have no telnet or ssh set up on your pix, so you will need to console in with the blue cisco cable that came with your pix. Do this using hyperterminal, and the com settings are:


9600

n

8

1


Additionally note that in order for the pix to work you must have a different subnet on each side (inside/outside)



ddidpm506 Mon, 05/07/2007 - 10:26

IP address is factory default: 192.168.1.1


The 506e is running 6.3(5).


Thanks,

dpm


ddidpm506 Mon, 05/07/2007 - 11:25

Here's what I got:


pixfirewall# config t

pixfirewall(config)# no ip address inside dhcp

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

pixfirewall(config)# exit

pixfirewall#


Odd, huh?


Thanks,

Dean


ddidpm506 Mon, 05/07/2007 - 12:01

Well, PDM shows the DHCP servers disabled on both ports.


dpm


Correct Answer

pixfirewall# config t

pixfirewall(config)# no ip address inside dhcp

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

pixfirewall(config)# exit

pixfirewall#


The error has something to do with DHCP pool. Honestly it appears to be a bug since DHCP is disabled.

Just remove the references below and hopefully it will work.


Do the following:


config t

no dhcpd address 192.168.1.2-192.168.1.254 inside

no dhcpd lease 3600


ip address inside 192.168.0.1 255.255.255.0

exit

wr me


Let me know if it works.
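
An added example, not part of the original thread and not Cisco tooling: a Python pre-check that reads a saved running config and lists the `dhcpd address` lines that must be removed before re-addressing an interface, plus any other interface whose static subnet would overlap the new one. The `precheck` function, the regexes and the sample's `ip address` lines are assumptions that cover only the PIX 6.x line shapes seen in this thread.

```python
import ipaddress
import re

# Constructed sample: the dhcpd lines are the ones quoted in the thread; the
# "ip address" lines are assumed (inside at the stated default 192.168.1.1).
SAMPLE_CONFIG = """\
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^dhcpd address {QUAD}-{QUAD} (\S+)$")
ADDR_RE = re.compile(rf"^ip address (\S+) {QUAD} {QUAD}$")


def precheck(config, ifname, new_ip, new_mask):
    """Return (commands to run first, other interfaces whose subnet would overlap)."""
    target = ipaddress.ip_interface(f"{new_ip}/{new_mask}").network
    remove, overlaps = [], []
    for raw in config.splitlines():
        line = raw.strip()
        pool = POOL_RE.match(line)
        if pool and pool.group(3) == ifname:
            start, end = (ipaddress.ip_address(pool.group(i)) for i in (1, 2))
            # A pool left over from the old subnet blocks the change even
            # when the DHCP server itself is disabled, as the thread shows.
            if start not in target or end not in target:
                remove.append(f"no dhcpd address {start}-{end} {ifname}")
        addr = ADDR_RE.match(line)
        if addr and addr.group(1) != ifname:
            # Interfaces addressed by DHCP do not match ADDR_RE and are skipped.
            other = ipaddress.ip_interface(f"{addr.group(2)}/{addr.group(3)}").network
            if other.overlaps(target):
                overlaps.append(addr.group(1))
    return remove, overlaps


if __name__ == "__main__":
    cmds, clash = precheck(SAMPLE_CONFIG, "inside", "192.168.0.1", "255.255.255.0")
    print("\n".join(cmds + ["ip address inside 192.168.0.1 255.255.255.0"]))
    print("overlapping interfaces:", clash or "none")
```
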

ddidpm506 Tue, 05/08/2007 - 05:12

Your procedure seemed to work - I can now ping the inside port at 192.168.0.1. I lost contact with the internal web server, but when I changed its address to 192.168.0.1 it started working again.


Thanks for your help.


Regards,

dpm

