Need to change internal IP address scheme - don't want to kill the Pix config!

Unanswered Question

Our firewall guy is in the hospital

and I got this project thrown at me.  We have a Pix 515 that does NAT for our network and we need to change our whole internal IP

address scheme.  we are on 192.168.10.0 now and it needs ot move to something like 192.168.

40.0.  i am a pix newbie and don't want to destroy the config.

i know the inside int has to change but i need help on which nat command to change etc.

any help is greatly appreciated.

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Wed, 08/11/2010 - 17:06

Hello,

Here is the configuration with 192.168.40.x addresses:

name 192.168.40.1 PCOAPCN

name 192.168.40.0

name 192.168.40.31 VOIP

name 192.168.40.5 Intergy

name 192.168.40.7 Intergy2

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0

192.168.201.0 255.255.255.128

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0

172.16.0.0 255.255.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0

192.168.5.0 255.255.255.0

access-list outside_cryptomap_20 permit ip 192.168.40.0 255.255.255.0

172.16.0.0 255.255.0.0

access-list outside_cryptomap_20 permit ip 192.168.40.0 255.255.255.0

192.168.5.0 255.255.255.0

access-list PainCenter_splitTunnelAcl permit ip 192.168.40.0 255.255.255.0

any

icmp permit 192.168.40.0 255.255.255.0 inside

ip address inside 192.168.40.100 255.255.255.0

no static (inside,outside) x.x.x.x 192.168.10.1 netmask 255.255.255.255 0 0

no static (inside,outside) x.x.x.x 192.168.10.5 netmask 255.255.255.255 0 0

no static (inside,outside) x.x.x.x 192.168.10.7 netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.x 192.168.40.1 netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.x 192.168.40.5 netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.x 192.168.40.7 netmask 255.255.255.255 0 0

no route inside 192.168.20.0 255.255.255.0 192.168.40.98 1

route inside 192.168.20.0 255.255.255.0 192.168.40.98 1

ssh 192.168.40.0 255.255.255.0 inside

=====================================

As long as you are not using 192.168.10.0 somewhere in your subnets, you do

not need to worry immediately about other 192.168.10.x lines.

Hope this helps.

Regards,

NT

Actions

This Discussion