Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
238
Views
0
Helpful
2
Replies

Remotely change outside IP and Gateway of PIX 50x???

rbade
Level 1
Level 1

‎07-05-2006 04:35 PM - edited ‎02-21-2020 01:01 AM

Customer has a new ISP at a remote location and is needing to reconfigure the PIX. Having anyone onsite with the skills to do anything more than plug it in is questionable at best. Trying to avoid talking someone through the IP and route configuration is not on my list of things I look forward to. Is there a way with 6.3.x code to connect remotely via the Internet, change outside IP, Default Route, and related items in a way that allows someone to connect it to the new ISP and have connectivity established??

There is bound to be a common way to accomplish this that is escaping me right now.

Thanks!

0 Helpful
2 Replies 2

Fernando_Meza
Level 7
Level 7

‎07-05-2006 07:18 PM

Hi ..

Unfortunately I think your are going to need somebody onsite in case something goes wrong ..

You could copy the current config from the PIX to a TFTP ( let's say 10.1.1.1) server located on the inside network.

write net 10.1.1.1:/pixconfig

Use an editor to modify this file accordingly - I suggest you to modify the Ip address, default gateway, and ssh access so that you can connect to it remotely after the changes are applied. Save the changes

Then copy the config back from the tftp server to the PIX using the below command. At this stage you will loss connectivity to the PIX.

configure net 10.1.1.1:/pixconfig

Re-cable the PIX to the new ISP router and .. keep you finger cross ... your PIX should be reachable

Log to the PIX ( now using the new IP addres) and change any thing else you need.

I hope it helps ... please rate it if it does !!!

0 Helpful

a.kiprawih
Level 7
Level 7

‎07-06-2006 01:40 PM

Hi,

I assumed the unit has been sent to remote location.

What is the model of the PIX? PIX501/606E has default configuration to automatically obtained DHCP from ISP. Other models (515E,525/535) need human intervention toi configure it.

If the unit is already at customer's office, and you know the model, plus other info like no of interfaces and versions, then you might consider preparing basic config to allow it to be accessed from outside/interbet via SSH or HTTPS. Send it to the remote site, but you still need someone to console in and paste the basic config. This is probably the non-technical job they can do.

For example, enable the outside interface & assign IP, generate self certificate (using crypto ca generate rsa key 1024>) for ssh usage, assign hostname & domain name, allow ssh & http from outside (use all zeros), and route statement. Also, enable ICP to reach outside interface (command: icmp permit icmp any outside). Make sure they used correct cable for PIX's outside interface connectivity to internet router.

Once done, ask the person to ping to any outside/internet IP to test/verify connectivity from PIX before you access it.

Rgds,

AK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card