Cisco PIX ASA500 Gotchas

Posted on 2014-01-21
Last Modified: 2014-02-09
I have been tasked with the job of changing the IP address of the Outside interface of a PIX ASA500 series Firewall which was installed and configured by somebody else, who is not available to help. Neither will I have access to the unit to interrogate its current configuration until I am expected to change it and get it working again. Add to that the fact I have very little experience of these units and you will appreciate why I am a bit nervous.

Having read up a little I suspect the solution could be as simple as changing the IP address assigned to the interface and changing the default route accordingly - however, this being Cisco, are there any "gotchas" to look out for? Anything I need to be aware of in this potential minefield?

Thanks in anticipation.
Question by:SCOTT78
2 Comments
 

Expert Comment

by:Jordan Medlen
ID: 39797000
Any source NATs that are configured may stop working. Just depends on the configuration. Destination NAT statements, if you have a web server, email server, or some other server may no longer work, however that would require not only reconfiguring the NAT statement, but changing DNS, etc.

Accepted Solution

by:
amatson78 earned 2000 total points
ID: 39797123
It all depends on if the rules and NATs are assigned to the "interface" or a specific object for the IP. Unfortunately you will not know until you get in there. As for the IP change, it is as simple as going into the config and changing the IP for that vlan assigned to the outside interface:

# config t
# interface Vlan1 (or whatever yours is)
# no ip address 1.1.1.1 255.255.255.0
# ip address 2.2.2.2 255.255.255.0
# wr



That should be it. I would then look through the access rules and NATs to see if there is any reference to the old IP; if they use "outside interface" then you should be good, it should update with the IP change.

Cheers.
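The review suggested in the accepted answer (find rules and NATs that name the old IP rather than the "interface" keyword), together with the default-route change raised in the question, can be run against a saved copy of `show running-config`. This is an added example, not part of the original thread; the function name `audit`, the sample configuration and the assumption that the interface is named `outside` are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a saved running-config (not from the original thread).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif outside
 ip address 1.1.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 1.1.1.254 1
object network WEB-PUBLIC
 host 1.1.1.10
access-list outside_in extended permit tcp any host 1.1.1.10 eq www
nat (inside,outside) source dynamic any interface
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit(config, old_if, new_if):
    """Return (line_no, reason, line) for each line tied to the old outside subnet."""
    old_net = ipaddress.ip_interface(old_if).network
    new_net = ipaddress.ip_interface(new_if).network
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        text = line.strip()
        addrs = []
        for tok in IPV4.findall(text):
            try:
                addrs.append(ipaddress.ip_address(tok))
            except ValueError:      # e.g. 999.1.1.1 is not an address
                pass
        hits = [a for a in addrs if a in old_net]
        fields = text.split()
        if text.startswith("route outside") and len(fields) >= 5:
            # Fields: route <nameif> <dest> <mask> <gateway> [metric]
            if ipaddress.ip_address(fields[4]) not in new_net:
                findings.append((no, "route gateway not in new outside subnet", text))
        elif text.startswith("ip address") and hits:
            findings.append((no, "interface address to change", text))
        elif hits:
            findings.append((no, "hard-coded old outside address", text))
    return findings

if __name__ == "__main__":
    for no, reason, text in audit(SAMPLE_CONFIG, "1.1.1.1/255.255.255.0",
                                  "2.2.2.2/255.255.255.0"):
        print(f"line {no}: {reason}: {text}")
```

Lines that use the `interface` keyword, such as the dynamic NAT in the sample, are not reported because they follow the interface address automatically.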