Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2068
Views
0
Helpful
7
Replies

PIX 520 static inside outside.

wkim
Level 1
Level 1

‎10-18-2001 03:35 PM - edited ‎02-20-2020 09:52 PM

I am trying to change static command in pix 520.

Currently, I have it set for (static inside, outside 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0)

This is going to allow 172.16.1.0 network.

However, I am running out of 172.16.1.0 network IP.

So I have decide to allow (172.16.0.0 network)

I try add to add (static inside outside 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0) but its says 172.16.0.0: That address already statically translate.

Does anyone know, how I can change the static command.

ex.

static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0

conduit permit tcp host 172.16.1.30 eq 443 any

conduit permit tcp host 172.16.1.11 eq smtp any

conduit permit tcp host 172.16.1.11 eq 143 any

conduit permit tcp host 172.16.1.11 eq pop3 any

conduit permit tcp host 172.16.1.30 eq www any

conduit permit tcp host 172.16.1.150 eq smtp any

conduit permit tcp host 172.16.1.150 eq pop3 any

conduit permit tcp host 172.16.1.150 eq 143 any

conduit permit tcp host 172.16.1.10 eq smtp any

conduit permit tcp host 172.16.1.10 eq 143 any

no rip outside passive

no rip outside default

no rip inside passive

no rip inside default

route outside 0.0.0.0 0.0.0.0 172.16.1.5 1

route inside 0.0.0.0 255.255.0.0 172.16.1.7 2

timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

William

0 Helpful
7 Replies 7

jscinocca
Level 1
Level 1

‎10-18-2001 04:03 PM

hey bro

the easy way take out the old one and put the new one in.

172.16.0.0/16

PIX doesn't really know the the 172.16.1.0/24 is a 24 bit subnet. Because that class of IP is 16 bit

just remove and add

0 Helpful

wkim
Level 1
Level 1
In response to jscinocca

‎10-18-2001 04:08 PM

Yes I have tried to remove it but it won't.

no static (inside,outside) 172.16.1.0. 172.16.1.0 netmask 255.255.255.0 0

static (inside,outside) 172.16.0.0. 172.16.0.0 netmask 255.255.0.0 0 0

It won't do it.

0 Helpful

rrbleeker
Level 1
Level 1
In response to wkim

‎10-19-2001 07:51 AM

I am not sure, but it might be because you have active conduit statements that disallow you to remove the static command. Try removing the conduits, remove the static, reinstate your new static and enter the conduits.

0 Helpful

gogle
Level 1
Level 1

‎10-19-2001 08:44 AM

Remember that when you remove a static you should also clear xlate so that any established sessions are flushed. Once you add the new one it should work.

0 Helpful

williamkim
Level 1
Level 1

‎10-19-2001 09:58 AM

Thanks guys

It makes total sense.

I have to remove to active conduits first and clear xlate.

William

0 Helpful

markvtran
Level 1
Level 1

‎10-23-2001 02:04 PM

You should delete the old static commands before putting in the new one. Or you can add

"static (inside,outside) 172.16.2.0 172.16.2.0 netmask 255.255.255.0 0 0"

and use the new "2" subnet.

0 Helpful

williamkim
Level 1
Level 1
In response to markvtran

‎10-23-2001 02:36 PM

I would probably add another static instead of deleting old static commands.

static (inside,outside) 172.16.1.0 172.161.0 netmask 255.255.255.0 0 0

static (inside,outside) 172.16.2.0 172.16.2.0 netmask 255.255.255.0 0 0

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card