An operation as simple as changing the IP address of one of the interfaces of a PIX (e.g. when switching to a different ISP) can be tricky.
You just need to stick to the following steps:
- Change the IP address and the default route, if applicable:
ip address outside A.B.C.D W.X.Y.Z
route outside 0.0.0.0 0.0.0.0 A.B.C.E
- Reconfigure NAT and ACLs, if applicable.
- “Restart” the crypto map on the interface if the PIX serves as a VPN server:
no crypto map map_name interface outside
crypto map map_name interface outside
If you don’t do this, during a VPN connection attempt the login window will pop up, but the connection process will hang on the “Securing communications channel…” stage (after which an error 412 window will pop up – “The remote peer is no longer responding.”).
- Regenerate the RSA certificates (you can display those currently used by the device with the show ca mypubkey rsa command):
pix# configure terminal
pix(config)# ca generate rsa key 1024
- Save the certificates in memory:
pix(config)# ca save all
- Save the configuration:
pix# write memory
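
To support the "Reconfigure NAT and ACLs" and crypto map steps above, here is an added example (not part of the original post) that scans a saved PIX configuration for lines still referencing the old ISP's address range and lists which crypto maps are bound to an interface. The sample configuration, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: the outside interface has moved to 198.51.100.0/24,
# but one static and one ACL entry still point at the old 203.0.113.0/24.
SAMPLE_CONFIG = """\
ip address outside 198.51.100.10 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.20 10.0.0.20 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 203.0.113.20 eq www
access-group outside_in in interface outside
crypto map map_name interface outside
"""


def stale_lines(config_text, old_network):
    """Return (line_no, line) for each line holding an address in old_network."""
    net = ipaddress.ip_network(old_network)
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        for token in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # dotted token that is not a valid IPv4 address
            if addr in net:
                hits.append((no, line.strip()))
                break  # report each line once
    return hits


def crypto_map_interfaces(config_text):
    """Return {map_name: interface} for 'crypto map <name> interface <if>' lines."""
    pat = re.compile(r"^crypto map (\S+) interface (\S+)\s*$", re.M)
    return dict(pat.findall(config_text))


if __name__ == "__main__":
    for no, line in stale_lines(SAMPLE_CONFIG, "203.0.113.0/24"):
        print(f"line {no}: still references old range: {line}")
    print("crypto maps bound:", crypto_map_interfaces(SAMPLE_CONFIG))
```

Any crypto map reported as bound to the re-addressed interface is one that needs the remove-and-reapply step described above.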