change asa firewall dns address

Posted on 2012-03-14
Last Modified: 2012-03-19
Trying to add my new isp static info and take off this opendns address off.

sho ver!
no names
name Server
name xx.xx.203 PublicMail
name IntegratedSolar_Cam
name IntegratedSolar_Meter
name xxx204 IntegratedSolar_MeterPublic
name xxxx205 IntegratedSolar_CamPublic
name xxxx141 IntegratedSolar_Public
name OpenDNS1
name OpenDNS2
name xxxxx202 Outside_Interface
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address xxxxxx202
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
speed 100
 duplex full
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit intra-interface
object-group service IntSolar tcp
 port-object eq 9999
object-group network OpenDNS_Servers
 network-object host
 network-object host
object-group network _networks
object-group network B_networks
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any host xxx203 eq smtp
access-list outside_access_in extended permit tcp any host xxx203 eq https
access-list outside_access_in extended permit ip host 209xxxx141 host 24.xxx204
access-list outside_access_in extended permit ip any host 24.xxxx205
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit ip host 173..141 host 24xxxxx204
access-list outside_access_in extended permit tcp any host 24xxxx202 eq 2080
access-list inside_access_out extended permit ip any any
access-list inside_nat0_outbound extended permit ip
access-list inside_nat0_outbound extended permit ip host
access-list 3000client_splitTunnelAcl standard permit
access-list 3000client_splitTunnelAcl_1 standard permit
access-list 4000client_splitTunnelAcl standard permit
access-list 5000client_splitTunnelAcl standard permit host
access-list nonat extended permit ip object-group networks object-group B_networks
access-list nonat extended permit ip
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool pool
ip local pool Vendor
ip local pool ip_pool
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1
static (inside,outside) tcp interface 2080 2080 netmask
static (inside,outside) xxx205 netmask
static (inside,outside) 24.xxxxx203 netmask
static (inside,outside) 24.xxxxx204 netmask
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
route outside 24.xxxx201 1
route inside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
 lifetime 43200
telnet inside
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns
dhcpd auto_config outside
Question by:vmagan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 17

Accepted Solution

lruiz52 earned 500 total points
ID: 37723578
Configure terminal
no name OpenDNS1
no name OpenDNS2
no dhcpd dns

name xx.xx.xx.1
name xx.xx.xx.2
dhcpd dns xx.xx.xx.1 xx.xx.xx.2

Author Comment

ID: 37725916
I will try this tonight. Too scared to try this remotely.


Author Closing Comment

ID: 37739969
Nice and easy.


Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question