In article , brian wrote: [PIX 506e]
:I want to change the internal ip address of my pix, moving the subnet it
:is on, due to a problem where clients VPN in and have the same subnet in
:their office as we have here (i.e. 192.168.1.x) which causes problems.
Just so you know: there are ways around that problem using NAT. Not exactly "trivial ways", but it can be done.
:I want to reconfigure the pix to be on (eg) 192.168.41.x but not cause
:an excessive outage.
:can I bind two addresses to the pix internal interface as an interim
:step?
No.
If you have a LAN router with 802.1Q capabilities, you could configure a "logical interface" on the PIX 506E inside interface, which would have much the same effect. But you still have a transitional mess where you have to copy the inside ACL and apply the new copy to the new inner interface, and you have to modify the two ACLs so the two subnets know how to talk to each other, and you have to play games with static or nat0 so the two subnets can initiate connections to each other...
Really, if you already have a LAN router, it's easier to toss on a secondary IP on it, add some NAT at the router level so that the old IPs come out in the new IP space, write the PIX configuration to a tftp server, global search and replace to create a version reflecting the new IP space, clear the PIX config and load it from the modified version on the tftp server.
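Added example (not part of the original post): a sketch of the "global search and replace" step, run against the configuration saved to the TFTP server. It parses each dotted-quad token instead of doing a text replace, so 192.168.10.x, 192.168.100.x and netmasks are left alone, and it returns the changed lines so ACL, nat and route entries can be reviewed before the file is loaded back. The /24 networks, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed subnets: the old one from the post, the new one from its "(eg)" value.
OLD_NET = ipaddress.ip_network("192.168.1.0/24")
NEW_NET = ipaddress.ip_network("192.168.41.0/24")

# A dotted quad that is not embedded in a longer run of digits and dots.
_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def remap_address(token, old=OLD_NET, new=NEW_NET):
    """Return token moved from old to new (host bits kept), or unchanged."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:  # not a valid IPv4 address, e.g. 999.1.1.1
        return token
    if addr not in old:  # masks and other subnets fall through here
        return token
    offset = int(addr) - int(old.network_address)
    return str(new.network_address + offset)


def remap_config(text, old=OLD_NET, new=NEW_NET):
    """Rewrite every address inside old; return (new_text, changed_lines)."""
    out, changed = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        new_line = _QUAD.sub(lambda m: remap_address(m.group(1), old, new), line)
        if new_line != line:
            changed.append((number, line, new_line))
        out.append(new_line)
    return "\n".join(out), changed


# Constructed sample lines in PIX 6.x style, not taken from any real device.
SAMPLE = """\
ip address inside 192.168.1.1 255.255.255.0
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 host 192.168.100.25 eq 25
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
route inside 192.168.11.0 255.255.255.0 192.168.1.254 1"""

if __name__ == "__main__":
    rewritten, changed = remap_config(SAMPLE)
    for number, before, after in changed:
        print(f"line {number}:\n  - {before}\n  + {after}")
```

Diff the rewritten file against the original before loading it; VPN peer definitions and any address that refers to the remote offices' own 192.168.1.x space need a manual decision rather than an automatic remap.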