Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX newbie, IP settings

I'm setting up a 506e for the first time. I want to change the inside IP address to 192.168.0.1 (DHCP server disabled), but PIX complains that address is not in DHCP pool. I can't change pool without conflict with network address.

Why won't PIX allow a networy address change if DHCP server is disabled?

Help, please!

Regards,

dpm

1 ACCEPTED SOLUTION

Accepted Solutions
cbz
New Member

Re: PIX newbie, IP settings

pixfirewall# config t

pixfirewall(config)# no ip address inside dhcp

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

pixfirewall(config)# exit

pixfirewall#

The error has something to do with DHCP pool. Honestly it appears to be a bug since DHCP is disabled.

Just remove the references below and hopefully it will work.

Do a the following;

config t

no dhcpd address 192.168.1.2-192.168.1.254 inside

no dhcpd lease 3600

ip address inside 192.168.0.1 255.255.255.0

exit

wr me

Let me know if it works.

17 REPLIES
New Member

Re: PIX newbie, IP settings

Please post config and I can help you

New Member

Re: PIX newbie, IP settings

Sorry, I'm *really* a newbie. How do I extract the current config as a text file? I'm using the PDM tool.

Thanks,

dpm

New Member

Re: PIX newbie, IP settings

Your gonna need to lose the PDM thingy. I would suggest getting the free terminal program called "putty" and then use it to telnet into the pix. Once you are into the pix using putty you can issue the sh run command. Right click in the putty header bar (at top of screen) and select 'copy all to clipboard'. Open up your wordpad/notepad and then right click and do a 'paste'. From here you can print, copy whatever the configuration text.

Really need to see the config in order to be helpful.

putty client can be found at

http://www.chiark.greenend.org.uk/~sgtatham/putty/

New Member

Re: PIX newbie, IP settings

I got putty. If I choose "SSH" it replies "connection refused"; if I select "telnet" putty just exits.

I'm really sorry to be a pain, but I don't understand why this is so difficult.

Regards,

dpm

New Member

Re: PIX newbie, IP settings

I am assuming that you are entering the correct IP for the telnet session. Sounds like you do not have telnet enabled on the PIX. Can you check that with PDM. Not really so difficult but virtually no one that is responsible for a PIX uses the PDM. So I guess I am at a disadvantage in that I have just barely seen what the PDM interface looks like.

New Member

Re: PIX newbie, IP settings

While in the PDM, go to File, Show Running config in New Window, login and then do a file, save as, change the file type to text and save it where you want it.

New Member

Re: PIX newbie, IP settings

Thanks.

Config attached.

Regards,

dpm

New Member

Re: PIX newbie, IP settings

you have the following dhcp entries in your config

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

I think you can remove these by issuing a 'no dhcpd' command while in the pix. Note the d at the end of dhcpd

Additionally you have no telnet or ssh set up your pix so you will need to console in with the blue cisco cable that came with your pix. Do this using hyperterminal and the com settings are

9600

n

8

1

Additionally note that in order for the pix to work you must have a different subnet on each side (inside/outside)

cbz
New Member

Re: PIX newbie, IP settings

What IP address is currently on inside interface?

Also what version of code are you running?

New Member

Re: PIX newbie, IP settings

IP address is factory default: 192.168.1.1

The 506e is running 6.3(5).

Thanks,

dpm

cbz
New Member

Re: PIX newbie, IP settings

Can you console into the switch and change the IP address?

You may have to do the following commands;

enable

config t

no ip address inside dhcp

ip address inside 192.168.0.1 255.255.255.0

exit

wr me

I will try to look at the PDM and figure out how to accomplish the same thing.

New Member

Re: PIX newbie, IP settings

Here's what I got:

pixfirewall# config t

pixfirewall(config)# no ip address inside dhcp

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

pixfirewall(config)# exit

pixfirewall#

Odd, huh?

Thanks,

Dean

cbz
New Member

Re: PIX newbie, IP settings

From your config, the inside interface has a DHCP pool configured. Do you want the inside interface to act as a DHCP server? If not I would just remove all references for the pool.

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

cbz
New Member

Re: PIX newbie, IP settings

Do a the following;

config t

no dhcpd address 192.168.1.2-192.168.1.254 inside

no dhcpd lease 3600

ip address inside 192.168.0.1 255.255.255.0

exit

wr me

New Member

Re: PIX newbie, IP settings

Well, PDM shows the DHCP servers disabled on both ports.

dpm

cbz
New Member

Re: PIX newbie, IP settings

pixfirewall# config t

pixfirewall(config)# no ip address inside dhcp

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

pixfirewall(config)# exit

pixfirewall#

The error has something to do with DHCP pool. Honestly it appears to be a bug since DHCP is disabled.

Just remove the references below and hopefully it will work.

Do a the following;

config t

no dhcpd address 192.168.1.2-192.168.1.254 inside

no dhcpd lease 3600

ip address inside 192.168.0.1 255.255.255.0

exit

wr me

Let me know if it works.

New Member

Re: PIX newbie, IP settings

Your procedure seemed to work - I can now ping the inside port at 192.168.0.1. I lost contact with the internal web server, but when I changed it's address to 192.168.0.1 it started working again.

Thanks for your help.

Regards,

dpm

193
Views
0
Helpful
17
Replies