• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1393
  • Last Modified:

Changing subnetmask on Cisco ASA 5510 Firewall

We are increasing our IP Range and our subnet mask is changing.  Would the only two places I need to change my subnet mask on our ASA 5510 be under configuration\Building Blocks\Hosts/Network\Inside  and under configuration\interfaces\ethernet0/1??
2 Solutions
Ernie BeekCommented:
Well, normally you change the subnet mask on the interface, in any access lists that might apply, nat statements and statics (just from memory). Looks like you're doing this through the ASDM. It might be wise to walk through the whole config (tools->command line interface-> 'wr t').

You could post a (sanitized) config over here, so we can have a look at it if you like.

You also need to check routing and any remote / VPN devices that connect to the firewall otherwise they will be unable to connect. So your check list should look something like this:

* IP address and subnet mask change on the device (both end of the interface)
* Change of Access Control List of firewall policy (zone definitions etc)
* Routing configuration change
* Change on remote devices / VPN clients
* Change on monitoring devices (e.g. SNMP etc)

Make sure you audit current configuration to identify main areas of change before you actually start changing. You also need to backup current config; you can do "show run" from the CLI.

Good luck.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now