Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
0
Helpful
3
Replies

Can't add public IP address to inside interface

matt.slaga
Level 4
Level 4

‎05-22-2006 07:19 PM - last edited on ‎03-25-2019 05:08 PM by Community Manager

I am trying to use the PIX strictly as a firewall (no NAT). However, when I attempt to add an inside ip address to ethernet 1 (for example 12.x.x.65 255.255.255.192) it errors out with "Interface inside ip address or netmask not valid". I've got the outside interface with say 12.150.0.1/28 and DMZ with 12.150.0.17/28 and Ethernet3 hosts with 12.x.x.129/25 without any errors. Any ideas?

Pix 7.1(2), PIX 515E

Interestingly enough, I rebooted the PIX and was still unable to add the ip address. I added another IP address to the interface and was then able to change it to the above address without an error. Just in case anyone else runs into this.

Labels:
0 Helpful
3 Replies 3

a.kiprawih
Level 7
Level 7

‎05-22-2006 11:38 PM

Hi,

Could it be due to address/subnet allocation?

Subnet ID Subnet Mask Valid Addresses Bcast Add

-------------- -------------------- ------------------------ ---------------

*Inside : 10.150.0.64 255.255.255.192/26 10.150.0.65 to 10.150.0.126 10.150.0.127

Outside : 10.150.0.0 255.255.255.240/28 10.150.0.1 to 10.150.0.14 10.150.0.15

DMZ : 10.150.0.16 255.255.255.240/28 10.150.0.17 to 10.150.0.30 10.150.0.31

E3 : 10.150.0.128 255.255.255.128/25 10.150.0.129 to 10.150.0.254 10.150.0.255

Subnet ID Subnet Mask Valid Addresses Bcast Add

--------------- ------------------- --------------- ---------

1st Block of /28:

1. 10.150.0.0 255.255.255.240 10.150.0.1 to 10.150.0.14 10.150.0.15 - used for Outside

2. 10.150.0.16 255.255.255.240 10.150.0.17 to 10.150.0.30 10.150.0.31 - used for DMZ

*available for Inside:

3. 10.150.0.32 255.255.255.240 10.150.0.33 to 10.150.0.46 10.150.0.47

4. 10.150.0.48 255.255.255.240 10.150.0.49 to 10.150.0.62 10.150.0.63

5. 10.150.0.64 255.255.255.240 10.150.0.65 to 10.150.0.78 10.150.0.79

6. 10.150.0.80 255.255.255.240 10.150.0.81 to 10.150.0.94 10.150.0.95

7. 10.150.0.96 255.255.255.240 10.150.0.97 to 10.150.0.110 10.150.0.111

8. 10.150.0.112 255.255.255.240 10.150.0.113 to 10.150.0.126 10.150.0.127

9. 10.150.0.128 255.255.255.240 10.150.0.129 to 10.150.0.142 10.150.0.143

2nd Block of /28:

1. 10.150.0.128 255.255.255.128 10.150.0.129 to 10.150.0.254 10.150.0.255 - used for E3 range

Rgds,

AK

0 Helpful

matt.slaga
Level 4
Level 4
In response to a.kiprawih

‎05-23-2006 06:07 AM

It worked, I just had to enter another ip address first, then I was able to change it. Smells like a bug.

0 Helpful

a.kiprawih
Level 7
Level 7

‎05-23-2006 05:51 PM

Maybe you should report it, as it'll really help others with similar issue.. :)

Rgds,

AK

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents