05-07-2007 07:40 AM - edited 03-05-2019 03:54 PM
I'm setting up a 506e for the first time. I want to change the inside IP address to 192.168.0.1 (DHCP server disabled), but PIX complains that address is not in DHCP pool. I can't change pool without conflict with network address.
Why won't PIX allow a networy address change if DHCP server is disabled?
Help, please!
Regards,
dpm
Solved! Go to Solution.
05-07-2007 03:55 PM
pixfirewall# config t
pixfirewall(config)# no ip address inside dhcp
pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0
Interface address is not on same subnet as DHCP pool
pixfirewall(config)# exit
pixfirewall#
The error has something to do with DHCP pool. Honestly it appears to be a bug since DHCP is disabled.
Just remove the references below and hopefully it will work.
Do a the following;
config t
no dhcpd address 192.168.1.2-192.168.1.254 inside
no dhcpd lease 3600
ip address inside 192.168.0.1 255.255.255.0
exit
wr me
Let me know if it works.
05-07-2007 07:42 AM
Please post config and I can help you
05-07-2007 08:02 AM
Sorry, I'm *really* a newbie. How do I extract the current config as a text file? I'm using the PDM tool.
Thanks,
dpm
05-07-2007 08:10 AM
Your gonna need to lose the PDM thingy. I would suggest getting the free terminal program called "putty" and then use it to telnet into the pix. Once you are into the pix using putty you can issue the sh run command. Right click in the putty header bar (at top of screen) and select 'copy all to clipboard'. Open up your wordpad/notepad and then right click and do a 'paste'. From here you can print, copy whatever the configuration text.
Really need to see the config in order to be helpful.
putty client can be found at
05-07-2007 08:46 AM
I got putty. If I choose "SSH" it replies "connection refused"; if I select "telnet" putty just exits.
I'm really sorry to be a pain, but I don't understand why this is so difficult.
Regards,
dpm
05-07-2007 09:39 AM
I am assuming that you are entering the correct IP for the telnet session. Sounds like you do not have telnet enabled on the PIX. Can you check that with PDM. Not really so difficult but virtually no one that is responsible for a PIX uses the PDM. So I guess I am at a disadvantage in that I have just barely seen what the PDM interface looks like.
05-07-2007 10:43 AM
While in the PDM, go to File, Show Running config in New Window, login and then do a file, save as, change the file type to text and save it where you want it.
05-07-2007 10:55 AM
05-07-2007 02:07 PM
you have the following dhcp entries in your config
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
I think you can remove these by issuing a 'no dhcpd' command while in the pix. Note the d at the end of dhcpd
Additionally you have no telnet or ssh set up your pix so you will need to console in with the blue cisco cable that came with your pix. Do this using hyperterminal and the com settings are
9600
n
8
1
Additionally note that in order for the pix to work you must have a different subnet on each side (inside/outside)
05-07-2007 10:14 AM
What IP address is currently on inside interface?
Also what version of code are you running?
05-07-2007 10:26 AM
IP address is factory default: 192.168.1.1
The 506e is running 6.3(5).
Thanks,
dpm
05-07-2007 10:52 AM
Can you console into the switch and change the IP address?
You may have to do the following commands;
enable
config t
no ip address inside dhcp
ip address inside 192.168.0.1 255.255.255.0
exit
wr me
I will try to look at the PDM and figure out how to accomplish the same thing.
05-07-2007 11:25 AM
Here's what I got:
pixfirewall# config t
pixfirewall(config)# no ip address inside dhcp
pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0
Interface address is not on same subnet as DHCP pool
pixfirewall(config)# exit
pixfirewall#
Odd, huh?
Thanks,
Dean
05-07-2007 11:04 AM
From your config, the inside interface has a DHCP pool configured. Do you want the inside interface to act as a DHCP server? If not I would just remove all references for the pool.
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
05-07-2007 11:30 AM
Do a the following;
config t
no dhcpd address 192.168.1.2-192.168.1.254 inside
no dhcpd lease 3600
ip address inside 192.168.0.1 255.255.255.0
exit
wr me
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: