Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
4
Helpful
3
Replies

Simplify PIX configuration changes?

kirbyellis
Level 1
Level 1

‎05-17-2006 04:00 PM - edited ‎02-21-2020 12:54 AM

I have recently had an application move from one server to another. Is it posibble to simply redefine the "names" statement to use the new IP address?

eg: previous statement;

name 10.1.1.1 WEB_SERVER

proposed statement;

name 192.168.1.1 WEB_SERVER

This would allow me to perform only the single config change, as the name is already associated with an object-group, and that group is associated with an existing rule.

Thanks in advance.

Cheers, Kirby.

0 Helpful
3 Replies 3

Fernando_Meza
Level 7
Level 7

‎05-17-2006 04:56 PM

Hi ... that will be great but unfortunately it is not possible. This is what would happend.

1.- when you type in no name 10.1.1.1 WEB_SERVER ( as you can't have a name map to 2 IP addresses at the same time ). All you entries referencing to WEB_SERVER will show up as 10.1.1.1.

2.- When you type in name 192.168.1.1 WEB_SERVER to "remap"the name .. the old references to WEB_SERVER will remain as 10.1.1.1 and only new entries will be mapped.

I suggest you to :

1.- type in show run | inc WEB_SERVER and copy the output to notepad.

2.- Rename the map accordingly

3.- Find/Replace WEB_SERVER by 192.168.1.1 from the output on point 1.

4.- You can apply the new config accrodingly by copying and pasting

5.- Remove any reference to 10.1.1.1

No nice .. but it is the only way ...

I hope it helps ... please rate it if it does !!!

kirbyellis
Level 1
Level 1
In response to Fernando_Meza

‎05-18-2006 07:16 PM

What if I first remove the mapping of

object-group network SERVERS

no network-object host WEB_SERVER

and then re-define the IP address of WEB_SERVER from:

name 10.1.1.1 WEB_SERVER

name 192.168.1.1 WEB_SERVER

I know that this is one more step than I originally intended, but I think it should still work.

Whadyareckon?

0 Helpful

Fernando_Meza
Level 7
Level 7
In response to kirbyellis

‎05-18-2006 08:47 PM

hi .. wait .. are you referencing the WEB_SERVER on the access-list by using the object-group SERVERS. Because if that is the case then yes .. you are correct .. I thought your access-list was referencing your server by its host name WEB_SERVER ..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card