Changing subnetmask on Cisco ASA 5510 Firewall

Posted on 2011-04-29
Last Modified: 2012-05-11
We are increasing our IP Range and our subnet mask is changing.  Would the only two places I need to change my subnet mask on our ASA 5510 be under configuration\Building Blocks\Hosts/Network\Inside  and under configuration\interfaces\ethernet0/1??
Question by:adamhicks
    LVL 35

    Accepted Solution

    Well, normally you change the subnet mask on the interface, in any access lists that might apply, nat statements and statics (just from memory). Looks like you're doing this through the ASDM. It might be wise to walk through the whole config (tools->command line interface-> 'wr t').

    You could post a (sanitized) config over here, so we can have a look at it if you like.
    LVL 10

    Assisted Solution


    You also need to check routing and any remote / VPN devices that connect to the firewall otherwise they will be unable to connect. So your check list should look something like this:

    * IP address and subnet mask change on the device (both end of the interface)
    * Change of Access Control List of firewall policy (zone definitions etc)
    * Routing configuration change
    * Change on remote devices / VPN clients
    * Change on monitoring devices (e.g. SNMP etc)

    Make sure you audit current configuration to identify main areas of change before you actually start changing. You also need to backup current config; you can do "show run" from the CLI.

    Good luck.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
    As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now