Re: PIX 506E ISP Change

d.donovan · ‎02-26-2007

I am running Pix version 6.2(2) and I am switching ISP's and need to know all of the changes needed to do this. We have one internal network server running and managing the internal IP's for the network. The PIX has an internal IP number assigned that I assume I will not have to change. What I will have to change is the static IP for the firewall from the new ISP.

Here is what I have tried to change so far which has not allowed the connection to happen

1. IP Address Outside ?changed to the new static IP number provided by the ISP and the new subnet mask.

2. Route Outside ? changed to the new gateway provided by the ISP

I need to know what other items need to be changed in order for this connection to work.

I also do not see where to put in the DNS numbers (if needed) and the manual I have only has one reference, in the mail server information which I do not have a mail server internally.

This is what I would consider the most basic network setup out there; one internal server managing its own IP numbers and a firewall to get to the internet for e-mail and the WWW. This has led to much disappointment at me by me that I cannot figure this out.

Thanks for any help in advance.

Jon Marshall · ‎02-26-2007

Hi

Can you ping the new gateway provided by the ISP.

As far as your NAT is concerned are you Natting all traffic to the public IP address of your pix firewall ie.

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

or something along those lines.

HTH

Jon

d.donovan · ‎02-26-2007

Thanks for the response Jon

I cannot ping the new gateway - I actually get a red light on the router when I connect to the firewall after I make the changes I think I need to make for the new ISP.

You are also exactly correct about the NAT.

Jon Marshall · ‎02-26-2007

Hi

Is it a different router than the one you used to have ?

Are you connecting the router directly to the firewall without the use of a switch. If so you need to:

1) Make sure you are using a cross over cable.

2) Check duplex and speed settings. Could you get the provider to check what settings they have put on their router

3) Just to be safe can you ensure that the provider has actually not shutdown the interface you are connecting to.

HTH

Jon

d.donovan · ‎02-26-2007

The router is different - provided by the new ISP. I am also connecting through a switch.

The only thing I am trying to do is take the cable from the old ISP's router to the new ISP's router. I can also see that there appears to be a connection out because the green connected light is on to the line. When I plug the cable in to the router a green light comes on then shortly changes to a red light for the ethernet line 1 but the connection out light is still green.

Thanks again

Jon Marshall · ‎02-26-2007

Hi

Okay as long as you are using a straight thru rj45 cable it definitely sounds like a speed/duplex mismatch.

Just to be clear - it is the router interface that changes to red ?

If you haven't got access to provider router then you can keep changing the speed and duplex of the switch port to see if that makes any difference.

HTH

Jon

d.donovan · ‎02-26-2007

Oops. I am connecting right from the router to the PIX sorry for the error there. You are correct about the router interface changing to red. It is also a straight through cable being used to connect the router to the firewall.

Jon Marshall · ‎02-26-2007

Hi

You should be using a cross over cable to connect to router to a pix firewall.

HTH

Jon