Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
360
Views
0
Helpful
3
Replies

PIX 501

Go to solution
kbrogi
Level 1
Level 1

‎02-09-2008 05:57 PM - edited ‎03-11-2019 05:00 AM

I can't use the https://192.168.1.1 to configure the pix because my ISP router has the same address?

any idea?

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to kbrogi

‎02-10-2008 05:39 PM

Kadri,

I see and understand your scenario, so what you are saying is that your inside interface has not IP address, are your inside hosts if any under the same IP scheme as the 192.168.1.0 network?, if you want to manage the firewall through the outside interface it will need to be done through SSH sessions as you cannot https to the firewall via outside interface. I would highly recommend to build a new IP scheme for your inside private network different from your outside/Verizon ip scheme and thus be able to trully hide your inside private LAN from the outside..hope this makes sence to you.

Rgds

Jorge

Jorge Rodriguez

View solution in original post

0 Helpful
3 Replies 3

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎02-09-2008 06:40 PM

simply configure PIX inside interface with different IP that is not being used, e.g you could use 192.168.1.2/24

console to the pix and issue.

PIX(config)#

no ip address inside 192.168.1.1 255.255.255.0

ip address inside 192.168.1.2 255.255.255.0

in case this is not in config enable http server.

PIX(config)#http server enable

Allow admin to PIX from any host on inside subnet 192.168.1.0

PIX(config)#http 192.168.1.0 255.255.255.0 inside

Allow telnet admin

PIX(config)#telnet 192.168.1.0 255.255.255.0 inside

You shoud be all set with these settings.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

Go to solution
kbrogi
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎02-10-2008 04:57 PM

Thanks Jorge. I maybe did not explain it correctly.

The (verizon)router has the IP address 192.168.1.1

and is giving my firewall the outside IP 192.168.1.9

there is no inside IP address. I can't arbitrary assign an inside IP address under the same subnet as outside one.

Thanks

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to kbrogi

‎02-10-2008 05:39 PM

Kadri,

I see and understand your scenario, so what you are saying is that your inside interface has not IP address, are your inside hosts if any under the same IP scheme as the 192.168.1.0 network?, if you want to manage the firewall through the outside interface it will need to be done through SSH sessions as you cannot https to the firewall via outside interface. I would highly recommend to build a new IP scheme for your inside private network different from your outside/Verizon ip scheme and thus be able to trully hide your inside private LAN from the outside..hope this makes sence to you.

Rgds

Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card