Ooops, made a bit of a mess of this. I didn't do this on site (the datacenter is too far away) - now I have a very early start b4 clients connect unless I can fix this on the PIX over SSH (which I can connect to)!
I've had a few issues with VLANs behind the firewall. There are x2: Vlan 2 (192.168.5.0/24) and Vlan 10 (10.0.0.0/24).
The Pix connects to a catalyst via a trunk which has both Vlans. The PIX DID have the inside interface of 192.168.5.1 and the catalyst had the default VLAN2.
I simply changed the default VLAN on the catalyst to VLAN10 (this kicked me off the VPN which I expected). I then thought I could login over SSH on the firewall change the internal interface to 10.0.0.1 and everything would be fine. I did this - but no joy. Eveything is down. I think this is because the route on the catalyst is still pointing to the 192.168.5.1 address.
Aaahh! Anything I can do? I've added a logical address in VLAN 2 with the 192.168.5.1 address - still no joy! Do I have to make the physical address of 10.0.0.0 have a lower security level than the logical VLAN2 address?
Sorry - I'm quite new to this - as you can see!
Thanks in advance