?
Solved

Change outside IP Cisco ASA 5505

Posted on 2013-01-18
8
Medium Priority
?
688 Views
Last Modified: 2015-07-01
Hi,

I have a Cisco ASA 5505 Firewall.  I'll be changing over to a new ISP which means I'll have a new Public IP address range.  Can someone advise the steps needed to make the change through the command line interface?  The outside IP (Vlan2) will obviously change.  What is the command to change that and is there any other commands that need to be run?  I'm familiar with making the changes to the ACL.  Please advise.  Thanks.
0
Comment
Question by:nywiit76
8 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 38794831
to change the IP;
conf t
interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx
exit.

below is an tutorial of the basic setup.
http://www.tech21century.com/cisco-asa-5505-basic-configuration-tutorial/
0
 

Author Comment

by:nywiit76
ID: 38794868
Thanks.  Is that all that needs to be done?
0
 

Author Comment

by:nywiit76
ID: 38794904
Where do I put the new gateway address?  I see there's a 'route outside' command.  Is that it and what are the commands to change?  Also, is there an easy way of changing the ACL or do I have to go through and say "no access-list............ and then retype access-list........with new IP"?  Thanks.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 11

Expert Comment

by:itguy565
ID: 38795747
Or you can just paste your configuration into notepad make the necessary modifications to it. Put your router in Global-Config mode and paste the necessary sections into the router. This is a quick and easy way to do this. By doing it this way you are merging the new configuration into the router and just overwriting the necessary sections.

Make sure to backup your current config to tftp server. This will make your life much easier.
0
 

Author Comment

by:nywiit76
ID: 38803896
Ok.  Must be missing something.  Tried this tonight but did not work.  I first typed:

interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx

did Ctrz Z and sh run to make sure it took it.  Entered config mode again and typed:

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1

for the default gateway of new ISP then typed no route outside to remove gateway of old ISP.  sh run and everything looked okay.  From the ASA, I was able to ping a couple Public IP addresses (server in my office, etc.) and got a response.

However, from a CMD on any computer on the LAN, could not ping anything outside or get a web page to pull up.  What am I missing?  I hadn't changed anything else at this point.  Do I need to edit the ACL?  I wouldn't think so because everything out is allowed.  My ACL only has incoming port forwarding.  Was I supposed to type the Global (outside) or the NAT (inside) commands after changing the IP on the outside interface?  All gateways on LAN computers are pointing to the local IP of the ASA, which never changed.  DNS on all workstations are pointing to my DC which is pointing to itself and has the ISP forwarders.  Any ideas?

Thanks.
0
 

Accepted Solution

by:
nywiit76 earned 0 total points
ID: 38877807
Config t
interface Vlan2
nameif outside
security-level 0
no  ip address old_ipaddress subnetmask
ip address new_ipaddress subnetmask
no route outside 0.0.0.0 0.0.0.0 old_default_gateway 1
route outside 0.0.0.0 0.0.0.0  new_default_gateway 1

clear xlate

 change the static  nats as well using the new ip addresses (static (inside,outside) .......
0
 

Author Closing Comment

by:nywiit76
ID: 38896181
Per Cisco TAC
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40861926
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question