cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1565
Views
0
Helpful
17
Replies

PIX newbie, IP settings

ddidpm506
Level 1
Level 1

I'm setting up a 506e for the first time. I want to change the inside IP address to 192.168.0.1 (DHCP server disabled), but PIX complains that address is not in DHCP pool. I can't change pool without conflict with network address.

Why won't PIX allow a networy address change if DHCP server is disabled?

Help, please!

Regards,

dpm

1 Accepted Solution

Accepted Solutions

pixfirewall# config t

pixfirewall(config)# no ip address inside dhcp

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

pixfirewall(config)# exit

pixfirewall#

The error has something to do with DHCP pool. Honestly it appears to be a bug since DHCP is disabled.

Just remove the references below and hopefully it will work.

Do a the following;

config t

no dhcpd address 192.168.1.2-192.168.1.254 inside

no dhcpd lease 3600

ip address inside 192.168.0.1 255.255.255.0

exit

wr me

Let me know if it works.

View solution in original post

17 Replies 17

nagel
Level 1
Level 1

Please post config and I can help you

Sorry, I'm *really* a newbie. How do I extract the current config as a text file? I'm using the PDM tool.

Thanks,

dpm

Your gonna need to lose the PDM thingy. I would suggest getting the free terminal program called "putty" and then use it to telnet into the pix. Once you are into the pix using putty you can issue the sh run command. Right click in the putty header bar (at top of screen) and select 'copy all to clipboard'. Open up your wordpad/notepad and then right click and do a 'paste'. From here you can print, copy whatever the configuration text.

Really need to see the config in order to be helpful.

putty client can be found at

http://www.chiark.greenend.org.uk/~sgtatham/putty/

I got putty. If I choose "SSH" it replies "connection refused"; if I select "telnet" putty just exits.

I'm really sorry to be a pain, but I don't understand why this is so difficult.

Regards,

dpm

I am assuming that you are entering the correct IP for the telnet session. Sounds like you do not have telnet enabled on the PIX. Can you check that with PDM. Not really so difficult but virtually no one that is responsible for a PIX uses the PDM. So I guess I am at a disadvantage in that I have just barely seen what the PDM interface looks like.

While in the PDM, go to File, Show Running config in New Window, login and then do a file, save as, change the file type to text and save it where you want it.

Thanks.

Config attached.

Regards,

dpm

you have the following dhcp entries in your config

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

I think you can remove these by issuing a 'no dhcpd' command while in the pix. Note the d at the end of dhcpd

Additionally you have no telnet or ssh set up your pix so you will need to console in with the blue cisco cable that came with your pix. Do this using hyperterminal and the com settings are

9600

n

8

1

Additionally note that in order for the pix to work you must have a different subnet on each side (inside/outside)

cbz
Level 1
Level 1

What IP address is currently on inside interface?

Also what version of code are you running?

IP address is factory default: 192.168.1.1

The 506e is running 6.3(5).

Thanks,

dpm

Can you console into the switch and change the IP address?

You may have to do the following commands;

enable

config t

no ip address inside dhcp

ip address inside 192.168.0.1 255.255.255.0

exit

wr me

I will try to look at the PDM and figure out how to accomplish the same thing.

Here's what I got:

pixfirewall# config t

pixfirewall(config)# no ip address inside dhcp

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

pixfirewall(config)# exit

pixfirewall#

Odd, huh?

Thanks,

Dean

From your config, the inside interface has a DHCP pool configured. Do you want the inside interface to act as a DHCP server? If not I would just remove all references for the pool.

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

Do a the following;

config t

no dhcpd address 192.168.1.2-192.168.1.254 inside

no dhcpd lease 3600

ip address inside 192.168.0.1 255.255.255.0

exit

wr me

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: