Solved

Change outside IP Cisco ASA 5505

Posted on 2013-01-18
8
604 Views
Last Modified: 2015-07-01
Hi,

I have a Cisco ASA 5505 Firewall.  I'll be changing over to a new ISP which means I'll have a new Public IP address range.  Can someone advise the steps needed to make the change through the command line interface?  The outside IP (Vlan2) will obviously change.  What is the command to change that and is there any other commands that need to be run?  I'm familiar with making the changes to the ACL.  Please advise.  Thanks.
0
Comment
Question by:nywiit76
8 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 38794831
to change the IP;
conf t
interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx
exit.

below is an tutorial of the basic setup.
http://www.tech21century.com/cisco-asa-5505-basic-configuration-tutorial/
0
 

Author Comment

by:nywiit76
ID: 38794868
Thanks.  Is that all that needs to be done?
0
 

Author Comment

by:nywiit76
ID: 38794904
Where do I put the new gateway address?  I see there's a 'route outside' command.  Is that it and what are the commands to change?  Also, is there an easy way of changing the ACL or do I have to go through and say "no access-list............ and then retype access-list........with new IP"?  Thanks.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 11

Expert Comment

by:itguy565
ID: 38795747
Or you can just paste your configuration into notepad make the necessary modifications to it. Put your router in Global-Config mode and paste the necessary sections into the router. This is a quick and easy way to do this. By doing it this way you are merging the new configuration into the router and just overwriting the necessary sections.

Make sure to backup your current config to tftp server. This will make your life much easier.
0
 

Author Comment

by:nywiit76
ID: 38803896
Ok.  Must be missing something.  Tried this tonight but did not work.  I first typed:

interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx

did Ctrz Z and sh run to make sure it took it.  Entered config mode again and typed:

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1

for the default gateway of new ISP then typed no route outside to remove gateway of old ISP.  sh run and everything looked okay.  From the ASA, I was able to ping a couple Public IP addresses (server in my office, etc.) and got a response.

However, from a CMD on any computer on the LAN, could not ping anything outside or get a web page to pull up.  What am I missing?  I hadn't changed anything else at this point.  Do I need to edit the ACL?  I wouldn't think so because everything out is allowed.  My ACL only has incoming port forwarding.  Was I supposed to type the Global (outside) or the NAT (inside) commands after changing the IP on the outside interface?  All gateways on LAN computers are pointing to the local IP of the ASA, which never changed.  DNS on all workstations are pointing to my DC which is pointing to itself and has the ISP forwarders.  Any ideas?

Thanks.
0
 

Accepted Solution

by:
nywiit76 earned 0 total points
ID: 38877807
Config t
interface Vlan2
nameif outside
security-level 0
no  ip address old_ipaddress subnetmask
ip address new_ipaddress subnetmask
no route outside 0.0.0.0 0.0.0.0 old_default_gateway 1
route outside 0.0.0.0 0.0.0.0  new_default_gateway 1

clear xlate

 change the static  nats as well using the new ip addresses (static (inside,outside) .......
0
 

Author Closing Comment

by:nywiit76
ID: 38896181
Per Cisco TAC
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40861926
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question