Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX 501

I can't use the https://192.168.1.1 to configure the pix because my ISP router has the same address?

any idea?

thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX 501

Kadri,

I see and understand your scenario, so what you are saying is that your inside interface has not IP address, are your inside hosts if any under the same IP scheme as the 192.168.1.0 network?, if you want to manage the firewall through the outside interface it will need to be done through SSH sessions as you cannot https to the firewall via outside interface. I would highly recommend to build a new IP scheme for your inside private network different from your outside/Verizon ip scheme and thus be able to trully hide your inside private LAN from the outside..hope this makes sence to you.

Rgds

Jorge

3 REPLIES

Re: PIX 501

simply configure PIX inside interface with different IP that is not being used, e.g you could use 192.168.1.2/24

console to the pix and issue.

PIX(config)#

no ip address inside 192.168.1.1 255.255.255.0

ip address inside 192.168.1.2 255.255.255.0

in case this is not in config enable http server.

PIX(config)#http server enable

Allow admin to PIX from any host on inside subnet 192.168.1.0

PIX(config)#http 192.168.1.0 255.255.255.0 inside

Allow telnet admin

PIX(config)#telnet 192.168.1.0 255.255.255.0 inside

You shoud be all set with these settings.

Rgds

Jorge

Community Member

Re: PIX 501

Thanks Jorge. I maybe did not explain it correctly.

The (verizon)router has the IP address 192.168.1.1

and is giving my firewall the outside IP 192.168.1.9

there is no inside IP address. I can't arbitrary assign an inside IP address under the same subnet as outside one.

Thanks

Re: PIX 501

Kadri,

I see and understand your scenario, so what you are saying is that your inside interface has not IP address, are your inside hosts if any under the same IP scheme as the 192.168.1.0 network?, if you want to manage the firewall through the outside interface it will need to be done through SSH sessions as you cannot https to the firewall via outside interface. I would highly recommend to build a new IP scheme for your inside private network different from your outside/Verizon ip scheme and thus be able to trully hide your inside private LAN from the outside..hope this makes sence to you.

Rgds

Jorge

129
Views
0
Helpful
3
Replies
CreatePlease to create content