?
Solved

Moving Cisco ASA t new lcoation, new external IP's

Posted on 2010-09-03
4
Medium Priority
?
393 Views
Last Modified: 2012-05-10
We are moving a Cisco 5510 from one location to another and the internet provider is changing.  Nothing with the internal network is changing.  I'm trying to determine my easiest path in completing this.  I have a spare test 5510 that I can bring in.  Is the best way just to start with a fresh config the test asa, get it the way I need it then copy that to the asa once it is moved or should I try editing the current config once its been moved?

It has 2 DMZ's setup and about 12 external firewall rules.
0
Comment
Question by:dmwynne
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:keith_opswat
ID: 33600194
If nothing on your internal network is changing just remove the old IP address from the outside interface and add a new one. Also, change any static routes you had pointing to the old ISP's gateway and that should be it.

Why go through the hassle of re-configuring everything and possibly making an error on it when you know it works and only one small area is going to change. I just recently changed ISP's and did exactly what I said above. Changed IP address on one I/F and edited the static routes. It came up flawlessly.
0
 
LVL 14

Author Comment

by:dmwynne
ID: 33600236
Yup you are right the only thing that concerns me is we have several external facing boxes with firewall rules and access lists.  Do you see any issue there?
0
 
LVL 4

Accepted Solution

by:
keith_opswat earned 2000 total points
ID: 33600293
Most firewall rules are generic... If any of the rules are dealing specifically with an IP address or subnet of your old IP's then change those rules.

Most of the rules are just going to say if you have traffic coming from this range or from anywhere with this port... allow to a certain location or deny.

So like I said the only thing that will cause you any issues with your move is any rules, IP address, static routes, or default gateways set need ot be reconfigured to point to their new counterpart. If that's all done then you should have a seamless transition.

Good luck!!
0
 
LVL 14

Author Closing Comment

by:dmwynne
ID: 33600977
Thanks
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question