Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Change outside Interface IP on running PIX 501

Hello,

I have a running PIX501 with VPN service, accesslists and nats. I want to change the external IP address on the box. which is the efficient way to do this without disruption the currrent configuration.

thank you,

travis,

3 REPLIES
Cisco Employee

Re: Change outside Interface IP on running PIX 501

You're going to have to "disrupt the current config" to do this. In fact, you're going to have to change any access-lists that reference this IP address, plus if you're running a VPN service, you're going to have to tell all your VPN clients that they need to connect to a new address now (or if it's a LAN-to-LAN tunnel then you'll need to change the other device to point to the new address).

This could turn into a major change, so some though needs to go into it.

As far as actually doing it though, just entering the new "ip address outside ..." command will make the change. For any static's and ACL's that reference the old address, add in new ones and then do "no ...." for all the old commands to get rid of them. For the VPN, you probably don't need to change anything on this PIX, but you'll have to change the other device or all your clients to use the new address. Resetting the tunnel with "clear cry isa" and "clear cry sa" will probably be necessary also.

New Member

Re: Change outside Interface IP on running PIX 501

i expect to change all my access-lists that use the outside ethernet. I just hope I don't need to reconfigure the vpn service. it shouldn't because vpn commands do not bind to the external ip address.

what does "clear cry isa" & "clear cry sa" do?

thank you,

travis,

Cisco Employee

Re: Change outside Interface IP on running PIX 501

You shouldn't need to change the VPN config on this PIX, but you will need to change it on whatever is connecting to this PIX.

The clear commands I mentioned clear the VPN tunnel(s) on the PIX so that they can be rebuilt properly. You will suffer a VPN outage when you change the IP address, and so you'll need to clear everything on the PIX so that it can be rebuilt properly.

607
Views
0
Helpful
3
Replies