ral steps must be taken in order to resume Internet connectivity through the PIX firewall after the Internet Service Provider (ISP) is changed:
The PIX firewall maintains an Address Resolution Protocol (ARP) table in order to remember the hardware addresses of connected devices and the Internet Protocol (IP) addresses that correspond.
When any connected device is changed, for example the ISP modem or the router connected on the outside interface, the hardware address also changes. Issue the clear command for the ARP table stored in the PIX firewall in order to allow the firewall to build a new ARP table that accommodates the new hardware address and its corresponding IP address.
If a new block of IP addresses is to be used as the public IP address, it is necessary to make changes in a few or all of the translation rules and access-list commands already applied in the configuration. This allows the hosts or servers in the private network to be mapped with the new block of IP addresses provided by the new ISP. Changes must also be made in the access-list rules so that the inbound traffic can be denied or permitted in accordance with the new set of IP addresses.
Complete these steps when the ISP is changed in order to ensure proper Internet connectivity:
Note: In addition to all the steps previously mentioned, whenever there is any topology change, for example if you replace any mail server or ftp server hardware or its ip address, it is necessary to make sure that you also update the NAT/PAT rules and open the ports on PIX with the use of the access-list command.