PIX 520 static inside outside.

wkim
Level 1

I am trying to change the static command on a PIX 520.

Currently, I have it set for (static inside, outside 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0)

This is going to allow the 172.16.1.0 network.

However, I am running out of 172.16.1.0 network IPs.

So I have decided to allow (172.16.0.0 network)

I tried to add (static inside outside 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0) but it says 172.16.0.0: That address already statically translate.

Does anyone know how I can change the static command?

ex.

static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0

conduit permit tcp host 172.16.1.30 eq 443 any

conduit permit tcp host 172.16.1.11 eq smtp any

conduit permit tcp host 172.16.1.11 eq 143 any

conduit permit tcp host 172.16.1.11 eq pop3 any

conduit permit tcp host 172.16.1.30 eq www any

conduit permit tcp host 172.16.1.150 eq smtp any

conduit permit tcp host 172.16.1.150 eq pop3 any

conduit permit tcp host 172.16.1.150 eq 143 any

conduit permit tcp host 172.16.1.10 eq smtp any

conduit permit tcp host 172.16.1.10 eq 143 any

no rip outside passive

no rip outside default

no rip inside passive

no rip inside default

route outside 0.0.0.0 0.0.0.0 172.16.1.5 1

route inside 0.0.0.0 255.255.0.0 172.16.1.7 2

timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

William

7 Replies

jscinocca
Level 1

Hey bro,

The easy way: take out the old one and put the new one in.

172.16.0.0/16

PIX doesn't really know that the 172.16.1.0/24 is a 24-bit subnet, because that class of IP is 16 bit.

Just remove and add.

Yes, I have tried to remove it but it won't.

no static (inside,outside) 172.16.1.0. 172.16.1.0 netmask 255.255.255.0 0

static (inside,outside) 172.16.0.0. 172.16.0.0 netmask 255.255.0.0 0 0

It won't do it.

I am not sure, but it might be because you have active conduit statements that disallow you to remove the static command. Try removing the conduits, remove the static, reinstate your new static and enter the conduits.

gogle
Level 1

Remember that when you remove a static you should also clear xlate so that any established sessions are flushed. Once you add the new one it should work.

williamkim
Level 1

Thanks guys

It makes total sense.

I have to remove the active conduits first and clear xlate.

William

markvtran
Level 1

You should delete the old static commands before putting in the new one. Or you can add

"static (inside,outside) 172.16.2.0 172.16.2.0 netmask 255.255.255.0 0 0"

and use the new "2" subnet.

I would probably add another static instead of deleting old static commands.

static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0

static (inside,outside) 172.16.2.0 172.16.2.0 netmask 255.255.255.0 0 0
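
The two approaches from the replies (swap the old static out in a fixed order, or add a second, non-overlapping static) can be planned offline before touching the firewall. This is an added Python sketch, not part of the thread or any Cisco tool; it assumes the error comes from the new range overlapping an existing static, and the function names and sample config are made up for illustration.

```python
import ipaddress

# Constructed sample: a few lines taken from the configuration quoted in the question.
RUNNING_CONFIG = """\
static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
conduit permit tcp host 172.16.1.30 eq 443 any
conduit permit tcp host 172.16.1.11 eq smtp any
route outside 0.0.0.0 0.0.0.0 172.16.1.5 1
"""

def static_network(line):
    """Global network of a 'static (if,if) global local netmask mask' line, else None."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "static" or tok[4] != "netmask":
        return None
    return ipaddress.ip_network(f"{tok[2]}/{tok[5]}", strict=False)

def conduit_host(line):
    """Address following the 'host' keyword of a conduit line, else None."""
    tok = line.split()
    if tok[:1] == ["conduit"] and "host" in tok[:-1]:
        return ipaddress.ip_address(tok[tok.index("host") + 1])
    return None

def change_plan(config, new_static):
    """Return the commands to enter, in order, to install new_static."""
    new_net = static_network(new_static)
    if new_net is None:
        raise ValueError("new_static must be a 'static ... netmask ...' line")
    lines = config.splitlines()
    # Assumption: an existing static overlapping the new range causes the error.
    old = [l for l in lines
           if (n := static_network(l)) is not None and n.overlaps(new_net)]
    if not old:
        return [new_static]  # disjoint range: add it alongside the existing static
    old_nets = [static_network(l) for l in old]
    # Only conduits whose host sits behind a static being removed are touched.
    conduits = [l for l in lines
                if (h := conduit_host(l)) is not None and any(h in n for n in old_nets)]
    # Order from the replies: conduits out, static out, flush xlate, new static, conduits back.
    return ([f"no {c}" for c in conduits] + [f"no {s}" for s in old]
            + ["clear xlate", new_static] + conduits)

if __name__ == "__main__":
    wide = "static (inside,outside) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0"
    print("\n".join(change_plan(RUNNING_CONFIG, wide)))
```
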
