Solved

Change outside IP Cisco ASA 5505

Posted on 2013-01-18
8
594 Views
Last Modified: 2015-07-01
Hi,

I have a Cisco ASA 5505 Firewall.  I'll be changing over to a new ISP which means I'll have a new Public IP address range.  Can someone advise the steps needed to make the change through the command line interface?  The outside IP (Vlan2) will obviously change.  What is the command to change that and is there any other commands that need to be run?  I'm familiar with making the changes to the ACL.  Please advise.  Thanks.
0
Comment
Question by:nywiit76
8 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 38794831
to change the IP;
conf t
interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx
exit.

below is an tutorial of the basic setup.
http://www.tech21century.com/cisco-asa-5505-basic-configuration-tutorial/
0
 

Author Comment

by:nywiit76
ID: 38794868
Thanks.  Is that all that needs to be done?
0
 

Author Comment

by:nywiit76
ID: 38794904
Where do I put the new gateway address?  I see there's a 'route outside' command.  Is that it and what are the commands to change?  Also, is there an easy way of changing the ACL or do I have to go through and say "no access-list............ and then retype access-list........with new IP"?  Thanks.
0
 
LVL 11

Expert Comment

by:itguy565
ID: 38795747
Or you can just paste your configuration into notepad make the necessary modifications to it. Put your router in Global-Config mode and paste the necessary sections into the router. This is a quick and easy way to do this. By doing it this way you are merging the new configuration into the router and just overwriting the necessary sections.

Make sure to backup your current config to tftp server. This will make your life much easier.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:nywiit76
ID: 38803896
Ok.  Must be missing something.  Tried this tonight but did not work.  I first typed:

interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx

did Ctrz Z and sh run to make sure it took it.  Entered config mode again and typed:

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1

for the default gateway of new ISP then typed no route outside to remove gateway of old ISP.  sh run and everything looked okay.  From the ASA, I was able to ping a couple Public IP addresses (server in my office, etc.) and got a response.

However, from a CMD on any computer on the LAN, could not ping anything outside or get a web page to pull up.  What am I missing?  I hadn't changed anything else at this point.  Do I need to edit the ACL?  I wouldn't think so because everything out is allowed.  My ACL only has incoming port forwarding.  Was I supposed to type the Global (outside) or the NAT (inside) commands after changing the IP on the outside interface?  All gateways on LAN computers are pointing to the local IP of the ASA, which never changed.  DNS on all workstations are pointing to my DC which is pointing to itself and has the ISP forwarders.  Any ideas?

Thanks.
0
 

Accepted Solution

by:
nywiit76 earned 0 total points
ID: 38877807
Config t
interface Vlan2
nameif outside
security-level 0
no  ip address old_ipaddress subnetmask
ip address new_ipaddress subnetmask
no route outside 0.0.0.0 0.0.0.0 old_default_gateway 1
route outside 0.0.0.0 0.0.0.0  new_default_gateway 1

clear xlate

 change the static  nats as well using the new ip addresses (static (inside,outside) .......
0
 

Author Closing Comment

by:nywiit76
ID: 38896181
Per Cisco TAC
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40861926
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
CISCO ASA 5500 DDNS 4 54
SonicWall Pro 300 Firmware 2 59
Cisco ASA 5516-X Configuration 4 47
Defaulting a Branch Juniper SRX240 5 22
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now