What needs to be changed in our firewall when changing ISPs?

Hello.  Tomorrow my company is switching from Cbeyond to Comcast.  Now of course when Comcast is doing the sales pitch they tell you how they take care of everything and the cutover is painless, etc. etc.  

Yesterday afternoon they told me that they will not make any of the config changes on the firewall to accept the connection.  Our usual guy who does the network security is NOT available.  My question is....what needs to be changed on our Cisco ASA 5505 and exactly how can I change?  Comcast is giving us 5 static IPs.  One of my colleagues told me they have a friend who can load our backup config into a configuration maker and send us the new config to just load in there but now he is on vacation.

Any help you all can give would be great because now we are scrambling!
tchristmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony GiangrecoCommented:
If your DNS is handles in your ASA 5505 and not on a server internally, then you need to log into the ASA 5505 and update the WAN information... IP, primary and secondary dns.

On all workstations or servers behind it, the dns may immediately be recognised. if not pergorm this

Start, Run, CMD
type ipconfig /flushdns
type ipconfig /registerdns
ping yahoo.com and see if you receive 4 replies.

If so, check eamail and web access. You should be done.

If your DNS is running on a server behind the Cisco ASA 5505, then you also need to update the DNS settings in the server.

Hope this helps.
0
tchristmanAuthor Commented:
This is strictly a workgroup environment.  Sorry I forgot to mention that.  So I think the DNS is handled on the 5505.

I just change the outside interface to one of the new IPs, change the gateway IP, and where would I change the DNS?

Also thanks so much for the reminder about flushing the dns.  I definitely would have forgotten about that!
0
Tony GiangrecoCommented:
All the settings should be changed in the Cisco ASA5505.

When Comcast makes their change, you should be able to test.

Since you are in a workgroup, it might want to update the DNS with the Comcast dns on each workstationin TCP/IP settings... Network Adaptor Properties
0
MSSPs - Are you paying too much?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

tchristmanAuthor Commented:
OK...so that is it and they should have an active Internet connection?  That seems too simple...haha.

They also have a server that is their purchasing system that is accessible through a public IP that they have now.  Do I just have to change the old public IP to one of the four remaining IPs that Comcast gives them?
0
Tony GiangrecoCommented:
Changing the public IP is only done in the Cisco ASA 5505 unit. Not on the boxes behind it. You might have to make some changes to that server based on what services it's running and what it's doing.
0
tchristmanAuthor Commented:
OK, and I hate to be repetitive, but for Internet access only, am I correct in saying that the only steps are:

(1 and 2 done on the 5505)
1. Change Interface IP
2. Change the Static Route Gateway
3. Possibly have to flush dns on workstations
0
Tony GiangrecoCommented:
For all the workgroup pc's pointing to the ASA 5505, Yes, that looks correct.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tchristmanAuthor Commented:
Nothing would have to be changed with the DMZ in the firewall?

Also, they have a purchasing system that is accessible through one of their public IPs.  I want all access to remain the same.  There is an object called Purchasing System.  Would I simply just change the IP under the network object and that will change it for all the rules it is involved with and access would remain the same?  Of course now I would just point them to the new IP of the purchasing system.
0
tchristmanAuthor Commented:
Thank you for all of your help!
0
Tony GiangrecoCommented:
Glad I could help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.