Solved

Moving Cisco ASA t new lcoation, new external IP's

Posted on 2010-09-03
4
361 Views
Last Modified: 2012-05-10
We are moving a Cisco 5510 from one location to another and the internet provider is changing.  Nothing with the internal network is changing.  I'm trying to determine my easiest path in completing this.  I have a spare test 5510 that I can bring in.  Is the best way just to start with a fresh config the test asa, get it the way I need it then copy that to the asa once it is moved or should I try editing the current config once its been moved?

It has 2 DMZ's setup and about 12 external firewall rules.
0
Comment
Question by:dmwynne
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:keith_opswat
Comment Utility
If nothing on your internal network is changing just remove the old IP address from the outside interface and add a new one. Also, change any static routes you had pointing to the old ISP's gateway and that should be it.

Why go through the hassle of re-configuring everything and possibly making an error on it when you know it works and only one small area is going to change. I just recently changed ISP's and did exactly what I said above. Changed IP address on one I/F and edited the static routes. It came up flawlessly.
0
 
LVL 14

Author Comment

by:dmwynne
Comment Utility
Yup you are right the only thing that concerns me is we have several external facing boxes with firewall rules and access lists.  Do you see any issue there?
0
 
LVL 4

Accepted Solution

by:
keith_opswat earned 500 total points
Comment Utility
Most firewall rules are generic... If any of the rules are dealing specifically with an IP address or subnet of your old IP's then change those rules.

Most of the rules are just going to say if you have traffic coming from this range or from anywhere with this port... allow to a certain location or deny.

So like I said the only thing that will cause you any issues with your move is any rules, IP address, static routes, or default gateways set need ot be reconfigured to point to their new counterpart. If that's all done then you should have a seamless transition.

Good luck!!
0
 
LVL 14

Author Closing Comment

by:dmwynne
Comment Utility
Thanks
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now