problem with changing pix501 outside dhcp to static ip

Unanswered Question
Nov 27th, 2007
User Badges:

I have a pix 501 with software version 6.3(4)

PDM version 3.0(2).


Problem: I was changing outside dhcp to static IP from PDM and pix freezes when trying to write to flash.


Context: 1. the ISP had just changed our DHCP provided outside address with a new static IP and default gateway ( the router at the ISP). 2. I was in the PDM system properties>outside interface edit and had changed to new static ip and hit save and write to flash memory. 3. traffic was still running through pix from other computers.

The PDM froze up and then I tried restarting the computer but could not bring up the PDM.

I repowered the pix and still could not connect to it from PC. I had the ISP provider put back in our previous dhcp provided address. Then I shut down the main DSL line and restarted it and the pix and everything was back up. The changes had not been made.


It seems like the PDM can be used to reconfigure for a static IP but there must be some conditions or sequence of steps required. Should we shut down the DSL then reconfigure the pix with the PDM?


One other question is where in the PDM interface can I set the new default gateway at the ISP? I couldn't find where to do it except maybe under routing>static route.


Thanks for any suggestions on this.


Hugh




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
Loading.
Collin Clark Tue, 11/27/2007 - 09:19
User Badges:
  • Purple, 4500 points or more

Hugh-


If you comfortable in the CLI, try the following commands. I never use PDM, so I can't help there.


To configure a new IP:


ip address outside


To remove the old default route:


no route outside 0.0.0.0 0.0.0.0


To add new default route:


route outside 0.0.0.0 0.0.0.0


I would also clear arp and xlate:

clear arp

clear xlate


Test and save if working properly:

write memory


I know that some ISPs require different usernames when going to static IP's, so you might want to double check that. Also check your global statements, I've seen where people put in a hard address versus the keyword interface.


HTH and please rate if it does.

leo_7vsta Tue, 11/27/2007 - 13:02
User Badges:

Collin,


Thanks for the reply.

I'm not familiar with the CLI. There is a command line option under the Tools menu on the PDM. From here I've entered a few commands like "show running-config" etc. Can I use this interface?


I also need to put in two DNS servers. They are different from the ones provided if we use the current outside dhcp configuration. I would need to know the commands to set the DNS servers.


In my config file I see only one command that starts with 'global' now it is:

"global (outside) 1 interface"


Can traffic still be running when I do all this?


How exactly do you mean 'test it'?


As for ratings I'm new here so don't know what the standards are nor how I'm allowed points to give away. I could give x where x is a very high value but that may be against the rules. Let me know.


Thanks again

Hugh

Collin Clark Tue, 11/27/2007 - 13:16
User Badges:
  • Purple, 4500 points or more

Hugh-


Again I don't use PDM, but the CLI menu option sounds like it will work. The firwall itself does not use DNS, however if you're using the firewall as a DHCP server and you need to change what DNS server it hands out, the command is-


dhcpd dns


Your global is OK, nothing to change there. Traffic will stop for a short period of time (while you make the IP address change, clear arp and xlate), maybe 5- 10 seconds depending on how fast you type! You don't need to shutdown any PC's or anything. By testing I mean, make sure from a PC you can surf the net, get your email, etc. You can rate each person on a single topic only once. Rate however you feel, no rules or regulations here, just determine it on if you were helped or not. Let us know how the change goes.

leo_7vsta Tue, 11/27/2007 - 14:07
User Badges:

Collin,


I take it that I can test before I 'write memory'.


The only thing that I'm still wondering about is what happened to make the pix freeze up. Perhaps it was that I didn't know of or think of how to clear the apr and xlate from the PDM?


Hugh

Collin Clark Tue, 11/27/2007 - 14:11
User Badges:
  • Purple, 4500 points or more

Not sure why, would have to be there to troubleshoot. Yes, test and make sure it works then write memory.

leo_7vsta Wed, 11/28/2007 - 16:05
User Badges:

Collin,


I didn't have a chance to work on it today.

I will let you know how it goes when I do.


Hugh

Actions

This Discussion