Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
2
Replies

Need to change internal IP address scheme - don't want to kill the Pix config!

bchyka
Level 1
Level 1

‎08-11-2010 04:38 PM - edited ‎03-11-2019 11:24 AM

Our firewall guy is in the hospital

and I got this project thrown at me.  We have a Pix 515 that does NAT for our network and we need to change our whole internal IP

address scheme.  we are on 192.168.10.0 now and it needs ot move to something like 192.168.

40.0.  i am a pix newbie and don't want to destroy the config.

i know the inside int has to change but i need help on which nat command to change etc.

any help is greatly appreciated.

Labels:
70354-pcpix.TXT.zip
0 Helpful
2 Replies 2

Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎08-11-2010 05:06 PM

Hello,

Here is the configuration with 192.168.40.x addresses:

name 192.168.40.1 PCOAPCN

name 192.168.40.0

name 192.168.40.31 VOIP

name 192.168.40.5 Intergy

name 192.168.40.7 Intergy2

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0

192.168.201.0 255.255.255.128

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0

172.16.0.0 255.255.0.0

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0

192.168.5.0 255.255.255.0

access-list outside_cryptomap_20 permit ip 192.168.40.0 255.255.255.0

172.16.0.0 255.255.0.0

access-list outside_cryptomap_20 permit ip 192.168.40.0 255.255.255.0

192.168.5.0 255.255.255.0

access-list PainCenter_splitTunnelAcl permit ip 192.168.40.0 255.255.255.0

any

icmp permit 192.168.40.0 255.255.255.0 inside

ip address inside 192.168.40.100 255.255.255.0

no static (inside,outside) x.x.x.x 192.168.10.1 netmask 255.255.255.255 0 0

no static (inside,outside) x.x.x.x 192.168.10.5 netmask 255.255.255.255 0 0

no static (inside,outside) x.x.x.x 192.168.10.7 netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.x 192.168.40.1 netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.x 192.168.40.5 netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.x 192.168.40.7 netmask 255.255.255.255 0 0

no route inside 192.168.20.0 255.255.255.0 192.168.40.98 1

route inside 192.168.20.0 255.255.255.0 192.168.40.98 1

ssh 192.168.40.0 255.255.255.0 inside

=====================================

As long as you are not using 192.168.10.0 somewhere in your subnets, you do

not need to worry immediately about other 192.168.10.x lines.

Hope this helps.

Regards,

NT

0 Helpful

bchyka
Level 1
Level 1
In response to Nagaraja Thanthry

‎08-11-2010 07:54 PM

That did it...now I just need to do some cleanup...I really appreciate your quick response!

Bob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card