Outside IP migration on PIX

Unanswered Question
Jun 5th, 2007
User Badges:

I have to migrate a PIX to a different IP block on the outside interface. Unfortunately, my only means of connection is via SSH on the outside interface. How is it possible to change the outside IP and default route without losing my SSH session by changing one or the other? I know I have done this before but, I can't find the procedure. Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 06/05/2007 - 11:48
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


What is the new default route going to be and is the next hop already there or does the ISP have to make a change as well ?


Jon

sdemlow007 Tue, 06/05/2007 - 11:55
User Badges:

I was told that both routes (old & new) would be available at the same time. The only thing that I could think of was to add another default route, then change the outside IP. Like so:


route outside 0.0.0.0 0.0.0.0 10.0.0.1 255.255.255.0 1 (OLD)

route outside 0.0.0.0 0.0.0.0 20.0.0.1 255.255.255.0 2 (NEW)


ip address outside 20.0.0.2 255.255.255.0


Once I got back in I was going to remove the old default route and change the new route to the metric of 1.


I'm thinking that the new gateway is not available.


Jon Marshall Tue, 06/05/2007 - 23:14
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


if they are both available at the same time i would


1) Log in and set up a host specific route for the machine you are connecting from pointing back through the old gateway.

2) Change the default route to point to the new gateway.

3) Change the outside interface of the pix.


I'm not sure adding 2 default routes will work as you want.


HTH


Jon

sdemlow007 Thu, 06/07/2007 - 04:57
User Badges:

Thank you sir. I'll give that a shot and report the results in a little while.

sdemlow007 Thu, 06/07/2007 - 06:57
User Badges:

Pfffffffft...Kinda of what I suspected, the ISP's "new" gateway is not operational (even though I verified that it was through 2 of their techs). Thank you for your assistance though as I did use that at a different remote location and it worked like a champ.

Jon Marshall Thu, 06/07/2007 - 22:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Glad it worked and thanks for letting me know.


Jon

Actions

This Discussion