Solved

Cisco PIX ASA500 Gotchas

Posted on 2014-01-21
Last Modified: 2014-02-09
I have been tasked with the job of changing the IP address of the Outside interface of a PIX ASA500 series Firewall which was installed and configured by somebody else, who is not available to help. Neither will I have access to the unit to interrogate its current configuration until I am expected to change it and get it working again. Add to that the fact I have very little experience of these units and you will appreciate why I am a bit nervous.

Having read up a little I suspect the solution could be as simple as changing the IP address assigned to the interface and changing the default route accordingly - however, this being Cisco, are there any "gotchas" to look out for? Anything I need to be aware of in this potential minefield?

Thanks in anticipation.
Question by:SCOTT78
2 Comments
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39797000
Any source NATs that are configured may stop working. Just depends on the configuration. Destination NAT statements, if you have a web server, email server, or some other server, may no longer work; however, that would require not only reconfiguring the NAT statement, but changing DNS, etc.
 
LVL 8

Accepted Solution

by:
amatson78 earned 500 total points
ID: 39797123
It all depends on if the rules and NATs are assigned to the "interface" or a specific object for the IP. Unfortunately you will not know until you get in there. As for the IP change, it is as simple as going into the config and changing the IP for that VLAN assigned to the outside interface.

# config t
# interface Vlan1 (or whatever yours is)
# no ip address 1.1.1.1 255.255.255.0
# ip address 2.2.2.2 255.255.255.0
# wr



That should be it. I would then look through the access rules and NATs to see if there is any reference to the old IP; if they use "outside interface" then you should be good, it should update with the IP change.

Cheers.
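
The review recommended in the answer above (checking access rules and NATs for references to the old IP), shown as an added example that is not part of the original thread: a Python sketch that audits a saved running-config and also flags the default route mentioned in the question. The sample config is constructed in pre-8.3 ASA syntax, and the function name `audit` and its verdict strings are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample (pre-8.3 ASA syntax); 1.1.1.1 is the thread's example old address.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif outside
 ip address 1.1.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.1 25 192.168.1.20 25 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 1.1.1.1 eq 25
access-list outside_in extended permit tcp any interface outside eq 80
route outside 0.0.0.0 0.0.0.0 1.1.1.254 1
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RULE_PREFIXES = ("static ", "global ", "nat ", "access-list ")


def audit(config, old_ip, old_mask):
    """Return (line_no, verdict, line) for every line affected by the IP change."""
    old_net = ipaddress.ip_network(f"{old_ip}/{old_mask}", strict=False)
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        words = line.split()
        addrs = IPV4.findall(line)  # exact-match list, so 1.1.1.10 is not mistaken for 1.1.1.1
        verdict = None
        if line.startswith("ip address ") and old_ip in addrs:
            verdict = "interface address: change"
        elif line.startswith("route ") and len(words) >= 5:
            # words[4] is the next hop; a gateway in the old subnet stops being reachable
            if IPV4.fullmatch(words[4]) and ipaddress.ip_address(words[4]) in old_net:
                verdict = "route: next hop in old subnet"
        elif line.startswith(RULE_PREFIXES) and old_ip in addrs:
            verdict = "hard-coded old IP: edit"
        elif line.startswith(RULE_PREFIXES) and "interface" in words:
            verdict = "uses interface keyword: follows new IP"
        if verdict:
            findings.append((no, verdict, line))
    return findings


if __name__ == "__main__":
    for no, verdict, line in audit(SAMPLE_CONFIG, "1.1.1.1", "255.255.255.0"):
        print(f"{no:3}  {verdict:40} {line}")
```
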