02-09-2008 05:57 PM - edited 03-11-2019 05:00 AM
I can't use https://192.168.1.1 to configure the PIX because my ISP router has the same address.
Any idea?
Thanks
02-09-2008 06:40 PM
Simply configure the PIX inside interface with a different IP that is not being used, e.g. you could use 192.168.1.2/24.
Console to the PIX and issue:
PIX(config)#
no ip address inside 192.168.1.1 255.255.255.0
ip address inside 192.168.1.2 255.255.255.0
In case this is not in the config, enable the HTTP server.
PIX(config)#http server enable
Allow admin to PIX from any host on inside subnet 192.168.1.0
PIX(config)#http 192.168.1.0 255.255.255.0 inside
Allow telnet admin
PIX(config)#telnet 192.168.1.0 255.255.255.0 inside
You should be all set with these settings.
Rgds
Jorge
02-10-2008 04:57 PM
Thanks, Jorge. Maybe I did not explain it correctly.
The (Verizon) router has the IP address 192.168.1.1
and is giving my firewall the outside IP 192.168.1.9.
There is no inside IP address. I can't arbitrarily assign an inside IP address under the same subnet as the outside one.
Thanks
02-10-2008 05:39 PM
Kadri,
I see and understand your scenario, so what you are saying is that your inside interface has no IP address. Are your inside hosts, if any, under the same IP scheme as the 192.168.1.0 network? If you want to manage the firewall through the outside interface, it will need to be done through SSH sessions, as you cannot https to the firewall via the outside interface. I would highly recommend building a new IP scheme for your inside private network, different from your outside/Verizon IP scheme, and thus be able to truly hide your inside private LAN from the outside. Hope this makes sense to you.
Rgds
Jorge
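Added example, not part of any post in this thread: a small Python check that reads PIX 6.x style `ip address` lines, reports interfaces whose subnets overlap (the situation described above), and proposes an unused /24 for the inside network. The sample config is constructed from the addresses mentioned in the thread; the function names and the 192.168.0.0/16 search pool are assumptions.

```python
import ipaddress
import re

# Constructed sample: outside address from the ISP router, inside left on
# the same 192.168.1.0/24 network (the conflict discussed in the thread).
SAMPLE_CONFIG = """\
ip address outside 192.168.1.9 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

# Matches only lines that carry a literal address and mask; others are skipped.
IP_LINE = re.compile(
    r"^ip address (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")

def interface_networks(config):
    """Return {interface name: IPv4Network} from 'ip address' lines."""
    nets = {}
    for line in config.splitlines():
        m = IP_LINE.match(line.strip())
        if m:
            name, addr, mask = m.groups()
            nets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
    return nets

def overlapping_pairs(nets):
    """Return (if_a, if_b) pairs, sorted by name, whose subnets overlap."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def suggest_inside_subnet(in_use, pool="192.168.0.0/16", prefix=24):
    """First /prefix in the pool that overlaps none of the in-use networks."""
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(n) for n in in_use):
            return cand
    return None

if __name__ == "__main__":
    nets = interface_networks(SAMPLE_CONFIG)
    for a, b in overlapping_pairs(nets):
        print(f"overlap: {a} {nets[a]} <-> {b} {nets[b]}")
    print("free inside subnet:", suggest_inside_subnet([nets["outside"]]))
```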