Need to change internal IP address scheme - don't want to kill the Pix config!


Our firewall guy is in the hospital and I got this project thrown at me. We have a Pix 515 that does NAT for our network and we need to change our whole internal IP address scheme. We are on 192.168.10.0 now and it needs to move to something like 192.168.40.0. I am a Pix newbie and don't want to destroy the config.

I know the inside int has to change but I need help on which nat command to change etc.

Any help is greatly appreciated.

Nagaraja Thanthry Wed, 08/11/2010 - 17:06
User Badges:
  • Cisco Employee,

Hello,


Here is the configuration with 192.168.40.x addresses:


name 192.168.40.1 PCOAPCN
name 192.168.40.0
name 192.168.40.31 VOIP
name 192.168.40.5 Intergy
name 192.168.40.7 Intergy2
access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0 192.168.201.0 255.255.255.128
access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.40.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list outside_cryptomap_20 permit ip 192.168.40.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list PainCenter_splitTunnelAcl permit ip 192.168.40.0 255.255.255.0 any
icmp permit 192.168.40.0 255.255.255.0 inside
ip address inside 192.168.40.100 255.255.255.0
no static (inside,outside) x.x.x.x 192.168.10.1 netmask 255.255.255.255 0 0
no static (inside,outside) x.x.x.x 192.168.10.5 netmask 255.255.255.255 0 0
no static (inside,outside) x.x.x.x 192.168.10.7 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.x 192.168.40.1 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.x 192.168.40.5 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.x 192.168.40.7 netmask 255.255.255.255 0 0
no route inside 192.168.20.0 255.255.255.0 192.168.10.98 1
route inside 192.168.20.0 255.255.255.0 192.168.40.98 1
ssh 192.168.40.0 255.255.255.0 inside

=====================================


As long as you are not using 192.168.10.0 somewhere in your subnets, you do not need to worry immediately about other 192.168.10.x lines.


Hope this helps.


Regards,


NT
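
The re-addressing pattern in the reply above, as an added example that is not part of the original post or of any Cisco tool: a Python sketch that reads the old config, remaps every 192.168.10.x address to the same host in 192.168.40.0/24, and emits a `no` line quoting the old address before each re-added `static` or `route`. The sample config, the 203.0.113.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

OLD_NET = ipaddress.ip_network("192.168.10.0/24")  # current inside subnet (from the thread)
NEW_NET = ipaddress.ip_network("192.168.40.0/24")  # target inside subnet (from the thread)
# Commands the reply removes with "no" before re-adding; the rest are simply re-entered.
REMOVE_FIRST = ("static", "route")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of the OLD config; public addresses are documentation placeholders.
SAMPLE_OLD_CONFIG = """\
name 192.168.10.31 VOIP
access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 172.16.0.0 255.255.0.0
ip address inside 192.168.10.100 255.255.255.0
static (inside,outside) 203.0.113.5 192.168.10.5 netmask 255.255.255.255 0 0
route inside 192.168.20.0 255.255.255.0 192.168.10.98 1
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

def remap(token):
    """Move an address from OLD_NET to the same host offset in NEW_NET."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return token  # looks like an address but is not one: leave untouched
    if addr not in OLD_NET:
        return token  # netmasks, remote subnets and public IPs stay as they are
    offset = int(addr) - int(OLD_NET.network_address)
    return str(NEW_NET.network_address + offset)

def migration_plan(old_config):
    """Return the commands to enter, in order, for every line that uses OLD_NET."""
    plan = []
    for line in old_config.splitlines():
        line = line.strip()
        new_line = IPV4.sub(lambda m: remap(m.group()), line)
        if not line or new_line == line:
            continue  # line does not reference the old subnet
        if line.split()[0] in REMOVE_FIRST:
            plan.append("no " + line)  # removal must quote the OLD address
        plan.append(new_line)
    return plan

if __name__ == "__main__":
    print("\n".join(migration_plan(SAMPLE_OLD_CONFIG)))
```

Review the generated lines against `show running-config` before pasting them; the script only rewrites addresses and does not model PIX command semantics.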
