Solved

Cisco PIX ASA500 Gotchas

Posted on 2014-01-21
Last Modified: 2014-02-09
I have been tasked with the job of changing the IP address of the Outside interface of a PIX ASA500 series Firewall which was installed and configured by somebody else, who is not available to help. Neither will I have access to the unit to interrogate its current configuration until I am expected to change it and get it working again. Add to that the fact I have very little experience of these units and you will appreciate why I am a bit nervous.

Having read up a little I suspect the solution could be as simple as changing the IP address assigned to the interface and changing the default route accordingly - however, this being Cisco, are there any "gotchas" to look out for? Anything I need to be aware of in this potential minefield?

Thanks in anticipation.
0
Question by:SCOTT78
2 Comments
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39797000
Any source NATs that are configured may stop working. Just depends on the configuration. Destination NAT statements, if you have a web server, email server, or some other server, may no longer work; however, that would require not only reconfiguring the NAT statement, but changing DNS, etc.
0
 
LVL 8

Accepted Solution

by:amatson78 earned 500 total points
ID: 39797123
It all depends on if the rules and NATs are assigned to the "interface" or a specific object for the IP. Unfortunately you will not know until you get in there. As for the IP change, it is as simple as going into the config and changing the IP for that VLAN assigned to the outside interface.

# config t
# interface Vlan1 (or whatever yours is)
# no ip address 1.1.1.1 255.255.255.0
# ip address 2.2.2.2 255.255.255.0
# wr

That should be it. I would then look through the access rules and NATs to see if there is any reference to the old IP; if they use "outside interface" then you should be good, as it should update with the IP change.

Cheers.
0
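
One way to carry out the review of access rules and NATs described in the accepted answer, as an added example that is not part of the original thread: a Python script that reads saved `show running-config` output and separates lines hard-coded to the old outside subnet from NAT lines that use the `interface` keyword. The function name, bucket names and sample configuration are constructed for illustration; the addresses reuse the placeholder 1.1.1.1 from the answer.

```python
import ipaddress
import re

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# NAT lines using the "interface" keyword follow the interface address automatically.
USES_INTERFACE = re.compile(r"^(nat|static|global)\b.*\binterface\b")

def audit_outside_change(config_text, old_ip, old_mask):
    """Bucket config lines that reference the old outside subnet."""
    old_net = ipaddress.ip_network(f"{old_ip}/{old_mask}", strict=False)
    report = {"interface": [], "route": [], "hardcoded": [], "follows_interface": []}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        hits = []
        for tok in IPV4.findall(line):
            try:
                if ipaddress.ip_address(tok) in old_net:
                    hits.append(tok)
            except ValueError:
                pass  # dotted token that is not a valid address
        if hits:
            if line.startswith("ip address "):
                bucket = "interface"   # the line the answer changes
            elif line.startswith("route "):
                bucket = "route"       # gateway inside the old subnet
            else:
                bucket = "hardcoded"   # NAT/ACL entries to rewrite by hand
            report[bucket].append((lineno, line))
        elif USES_INTERFACE.match(line):
            report["follows_interface"].append((lineno, line))
    return report

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif outside
 ip address 1.1.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) 1.1.1.5 192.168.1.20 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 1.1.1.5 eq smtp
access-list outside_in extended permit tcp any host 11.1.1.5 eq www
route outside 0.0.0.0 0.0.0.0 1.1.1.254 1
"""

if __name__ == "__main__":
    result = audit_outside_change(SAMPLE_CONFIG, "1.1.1.1", "255.255.255.0")
    for bucket, lines in result.items():
        for lineno, line in lines:
            print(f"{bucket:17} {lineno:3}  {line}")
```

Addresses are compared as parsed values against the old subnet, so 11.1.1.5 is not reported even though a plain text search for "1.1.1." would match it.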
