Changing DMZ & Outside Interfaces on PIX515E with PDM


Recently, our company purchased a Fiber Service from AT&T. We are currently on an ADSL line. We have three Cisco appliances in parallel connection to our Internet ADSL connection. Our Public IP block for the fiber is new, so we have to change all the outside interfaces and the DMZ on the PIX to the new IP block.

I assume I can manage these changes on the PIX using the PDM interface only as the Internal Interface will not change? My connection to that interface will stay connected even though I am making major interface changes.

In addition - if I change the DMZ interface and the Outside Interface using the PDM, will the PDM globally update all RULES using these interfaces?

JORGE RODRIGUEZ Mon, 11/19/2007 - 14:31

Michael, that is correct, as long as your inside interface does not change you can manage all the external changes from the PDM connection and CLI at the same time.

As for your second question on PDM updating rules, in theory yes. I say theory only for one reason: just to have a full backup of all access-list rules just in case. I have done a PIX outside re-IP 100% through PDM, which automatically takes care of the rest: rules, clear xlates, updates automatically, etc. When you do the static NATs, if any, from outside and DMZ, do them one by one, since the PIX has to delete and recreate what is in the rules. The same applies for outside GLOBAL pools and PAT: do them one by one and take notes from the old ones in case you need to revert back. Global POOLS are the easiest to re-IP. If you are preparing this implementation it is also good to have a manual script just in case you need to do things in CLI, but overall you should be good with PDM.

HTH

Jorge
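An added example, not part of the original thread: one way to turn the saved configuration backup into a line-by-line change list before the cutover, so that every static, global, access-list and route line that references the old public block is accounted for. The sample configuration, the address blocks (documentation ranges) and the function names are constructed for illustration, and the old-to-new mapping assumes both blocks are the same size and that each host keeps its offset within the block.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of a saved PIX configuration (documentation address ranges).
SAMPLE_CONFIG = """\
ip address outside 192.0.2.2 255.255.255.240
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 192.0.2.17 255.255.255.240
global (outside) 1 192.0.2.5-192.0.2.10
global (outside) 1 192.0.2.11
nat (inside) 1 10.1.1.0 255.255.255.0
static (dmz,outside) 192.0.2.18 192.0.2.18 netmask 255.255.255.255
static (inside,outside) 192.0.2.4 10.1.1.20 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.4 eq 443
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

def remap(addr, old_net, new_net):
    """Assumption: a host keeps the same offset inside the new block."""
    offset = int(addr) - int(old_net.network_address)
    return ipaddress.ip_address(int(new_net.network_address) + offset)

def plan_reip(config, old_block, new_block):
    """Return (line_no, keyword, old_line, proposed_line) for each affected line."""
    old_net = ipaddress.ip_network(old_block)
    new_net = ipaddress.ip_network(new_block)
    if old_net.prefixlen != new_net.prefixlen:
        raise ValueError("offset mapping needs blocks of the same size")

    def swap(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:              # e.g. an octet above 255: leave untouched
            return match.group(0)
        return str(remap(addr, old_net, new_net)) if addr in old_net else match.group(0)

    plan = []
    for number, line in enumerate(config.splitlines(), start=1):
        proposed = IPV4.sub(swap, line)
        if proposed != line:            # netmasks and inside addresses never match
            plan.append((number, line.split()[0], line, proposed))
    return plan

if __name__ == "__main__":
    for number, keyword, old, new in plan_reip(SAMPLE_CONFIG, "192.0.2.0/24", "203.0.113.0/24"):
        print(f"line {number:>3} [{keyword}]\n  old: {old}\n  new: {new}")
```

The old lines in the output double as the revert notes, and the proposed lines are a starting point for a manual CLI script to review by hand, not something to paste blindly.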
