Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
2
Replies

PIX 515e interface question

mcsfirewall
Level 1
Level 1

‎04-14-2005 12:55 PM - edited ‎02-21-2020 12:05 AM

I am configuring a PIX515e for our branch office with a site-to-site VPN. I need to change the internal interface (Ethernet1) to match the internal address of the network in the office (currently assigned 192.168.2.0-192.l168.2.255).

I go into the PDM and change the address to 192.168.2.1 255.255.255.0. It throws out errors. Then when I try to log onto the old default address to reaccess the PIX it won't work. So I reboot and log into the console and show the config and it declares the inside interface is now 192.168.2.1. Yet when I try to get to the PIX at that address it will not work either.

I changed the PDM Location to update to the supposed new inside interface address and reboot both firewall and laptop. Still nothing.

Does the interface allow for a change like I am attempting to make. While on one hand it states the change is made, nothing else recognizes it and the PDM is no longer available.

A related question - can both internal networks (the one here and the branch office) have 192.168.1.0 internal addresses and still use the site-to-site VPN with no trouble?

Thanks

0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎04-16-2005 05:45 AM

Hii

You cannot have the same networks at both the ends of a site-to-site tunnel.. in case you have, you need to some sort of translation at one of the ends (NAT or PAT) to translate the address and make it visible through some other range of IPs..

Incase you are doing a new implementatin, use differernt IP subnets for both the ends.. otherwise u will have unnecessary overloads.. If it is an already existing network, try doing NAT/PAT before putting the packets to the other end, so that the remote LAN will not have overlapping addresses.

see this URL for an example:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

let me know if this helps..

Raj

0 Helpful

fedrodri
Level 1
Level 1
In response to sachinraja

‎04-17-2005 10:00 PM

Raj is correct. Also, just a little note regarding the problem loading the PDM after the IP address change. Make sure that you have something like this, in order to be able to lunch PDM:

http 0.0.0.0 0.0.0.0 inside

I guess that you just have something like "http 192.168.1.0 255.255.255.0 inside"

Federico.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card