How to change route settings in PIX 525

pietrucha
Nov 27, 2008
By mistake I have input the wrong IP addresses of the
outside interface (in my case internet) and the wrong IP of the gateway.
command route internet 195.200.81.130 255.255.255.128 195.200.81.129
returns: Route already exists
command no route internet 195.200.81.128 255.255.255.128 195.200.81.130
returns: It is not allowed to delete directly connected routes
command clear route internet does not work.
command show route returns:
internet 0.0.0.0 0.0.0.0 195.117.225.129 1 OTHER static
udsclan 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
internet 195.117.225.128 255.255.255.128 195.117.225.130 1 CONNECT static
Version of the system is 6.3(3)
I am looking forward to any suggestions on how to correct the route settings with
the keyword CONNECT.
 
Post a scrubbed config of your pix

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
command route internet 195.200.81.130 255.255.255.128 195.200.81.129
returns: Route already exists
command no route internet 195.200.81.128 255.255.255.128 195.200.81.130
returns: It is not allowed to delete directly connected routes
command clear route internet does not work.
command show route returns:
internet 0.0.0.0 0.0.0.0 195.200.81.129 1 OTHER static
udsclan 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
internet 195.200.81.128 255.255.255.128 195.200.81.130 1 CONNECT static
Here is the config of the PIX:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 internet security0
nameif ethernet1 udsclan security99
nameif ethernet2 udscdmz security50
nameif ethernet3 intf3 security6
nameif ethernet4 intf4 security8
nameif ethernet5 intf5 security10
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname zapora-sieciowa
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
icmp permit any echo internet
icmp permit any echo-reply internet
icmp permit any echo udsclan
icmp permit any echo-reply udsclan
icmp permit any echo udscdmz
icmp permit any echo-reply udscdmz
mtu internet 1500
mtu udsclan 1500
mtu udscdmz 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
ip address internet 195.200.81.130 255.255.255.128
ip address udsclan 192.168.1.1 255.255.255.0
no ip address intf3
no ip address intf4
no ip address intf5
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address internet
no failover ip address udsclan
no failover ip address udscdmz
no failover ip address intf3
no failover ip address intf4
no failover ip address intf5
pdm history enable
arp timeout 14400
global (internet) 1 195.200.81.132
nat (udsclan) 1 192.168.1.0 255.255.255.0 0 0
established tcp 135 0 permitto tcp 1024-65535 permitfrom tcp 0
route internet 0.0.0.0 0.0.0.0 195.200.81.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.64-192.168.1.254 udsclan
dhcpd dns 194.204.152.34 194.204.159.1
dhcpd lease 2600000
dhcpd ping_timeout 750
dhcpd enable udsclan
terminal width 80
Cryptochecksum:64d8c3cba9e6358726a196764ae71400
: end
 
Make sure to do this from the console or from the inside network or you will be shut out.

First remove the wrong info
no ip address internet 195.200.81.130 255.255.255.128
no route internet 0.0.0.0 0.0.0.0 195.117.225.129

Now add the correct info back in
ip address internet 195.200.81.X 255.255.255.128 ****the outside interface address that you want
route internet 0.0.0.0 0.0.0.0 195.117.225.X ****the gateway address



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
I have done it.
But I would like to change the following setting:
internet 195.117.225.128 255.255.255.128 195.117.225.130 1 CONNECT static
I have noticed that removal is not possible (it has the CONNECT identifier) but change is possible.
Because I am a new user of the PIX, I would like to know how to do it.
 
Where are you getting that from? Can you post your corrected config?


Brent
Systems Engineer / Consultant
CCNP, CCSP
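
The CONNECT entries in `show route` are derived from each interface's `ip address` line, which is why `no route` refuses to delete them and why changing the interface address is what changes them. The following is an added example, not part of the original thread: it derives the CONNECT entries from a config and checks that every static route's gateway lies inside the subnet of the interface it is bound to. The function names are assumptions of this example, and the sample is constructed from the config posted above.

```python
import ipaddress

# Constructed sample: the address and route lines from the config posted in this thread.
SAMPLE_CONFIG = """\
nameif ethernet0 internet security0
ip address internet 195.200.81.130 255.255.255.128
ip address udsclan 192.168.1.1 255.255.255.0
no ip address intf3
route internet 0.0.0.0 0.0.0.0 195.200.81.129 1
"""


def parse(config):
    """Return ({ifname: IPv4Interface}, [(ifname, IPv4Network, gateway)])."""
    addrs, routes = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) == 5:
            addrs[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:1] == ["route"] and len(tok) >= 5:
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            routes.append((tok[1], net, ipaddress.ip_address(tok[4])))
    return addrs, routes


def connected_routes(config):
    """CONNECT lines in the show route layout seen above, one per addressed interface."""
    addrs, _ = parse(config)
    return [f"{name} {i.network.network_address} {i.netmask} {i.ip} 1 CONNECT static"
            for name, i in addrs.items()]


def check_gateways(config):
    """Report static routes whose gateway the named interface cannot reach directly."""
    addrs, routes = parse(config)
    problems = []
    for name, net, gw in routes:
        iface = addrs.get(name)
        if iface is None:
            problems.append(f"{net} via {gw}: {name} has no ip address")
        elif gw not in iface.network:
            problems.append(f"{net} via {gw}: gateway outside {name} subnet {iface.network}")
    return problems


if __name__ == "__main__":
    print("\n".join(connected_routes(SAMPLE_CONFIG)))
    print(check_gateways(SAMPLE_CONFIG) or "all gateways are on-link")
```

Running it against a candidate config before pasting the `ip address` and `route` lines into the firewall shows which CONNECT entries will result and catches a gateway taken from a different address block than the interface.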
 