Solved

Change outside IP Cisco ASA 5505

Posted on 2013-01-18
8
617 Views
Last Modified: 2015-07-01
Hi,

I have a Cisco ASA 5505 Firewall.  I'll be changing over to a new ISP which means I'll have a new Public IP address range.  Can someone advise the steps needed to make the change through the command line interface?  The outside IP (Vlan2) will obviously change.  What is the command to change that and is there any other commands that need to be run?  I'm familiar with making the changes to the ACL.  Please advise.  Thanks.
0
Comment
Question by:nywiit76
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 38794831
to change the IP;
conf t
interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx
exit.

below is an tutorial of the basic setup.
http://www.tech21century.com/cisco-asa-5505-basic-configuration-tutorial/
0
 

Author Comment

by:nywiit76
ID: 38794868
Thanks.  Is that all that needs to be done?
0
 

Author Comment

by:nywiit76
ID: 38794904
Where do I put the new gateway address?  I see there's a 'route outside' command.  Is that it and what are the commands to change?  Also, is there an easy way of changing the ACL or do I have to go through and say "no access-list............ and then retype access-list........with new IP"?  Thanks.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 11

Expert Comment

by:itguy565
ID: 38795747
Or you can just paste your configuration into notepad make the necessary modifications to it. Put your router in Global-Config mode and paste the necessary sections into the router. This is a quick and easy way to do this. By doing it this way you are merging the new configuration into the router and just overwriting the necessary sections.

Make sure to backup your current config to tftp server. This will make your life much easier.
0
 

Author Comment

by:nywiit76
ID: 38803896
Ok.  Must be missing something.  Tried this tonight but did not work.  I first typed:

interface vlan 2
ip address xxx.xxx.xxx.xxx 255.255.255.xxx

did Ctrz Z and sh run to make sure it took it.  Entered config mode again and typed:

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1

for the default gateway of new ISP then typed no route outside to remove gateway of old ISP.  sh run and everything looked okay.  From the ASA, I was able to ping a couple Public IP addresses (server in my office, etc.) and got a response.

However, from a CMD on any computer on the LAN, could not ping anything outside or get a web page to pull up.  What am I missing?  I hadn't changed anything else at this point.  Do I need to edit the ACL?  I wouldn't think so because everything out is allowed.  My ACL only has incoming port forwarding.  Was I supposed to type the Global (outside) or the NAT (inside) commands after changing the IP on the outside interface?  All gateways on LAN computers are pointing to the local IP of the ASA, which never changed.  DNS on all workstations are pointing to my DC which is pointing to itself and has the ISP forwarders.  Any ideas?

Thanks.
0
 

Accepted Solution

by:
nywiit76 earned 0 total points
ID: 38877807
Config t
interface Vlan2
nameif outside
security-level 0
no  ip address old_ipaddress subnetmask
ip address new_ipaddress subnetmask
no route outside 0.0.0.0 0.0.0.0 old_default_gateway 1
route outside 0.0.0.0 0.0.0.0  new_default_gateway 1

clear xlate

 change the static  nats as well using the new ip addresses (static (inside,outside) .......
0
 

Author Closing Comment

by:nywiit76
ID: 38896181
Per Cisco TAC
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40861926
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question