Solved

Cisco PIX ASA500 Gotchas

Posted on 2014-01-21
2
404 Views
Last Modified: 2014-02-09
I have been tasked with the job of changing the IP address of the Outside interface of an PIX ASA500 series Firewall which was installed and configured by somebody else, who is not available to help. Neither will I have access to the unit to interrogate its current configuration until I am expected to change it and get it working again. Add to that the fact I have very little experience of these units and you will appreciate why I am a bit nervous.

Having read up a little I suspect the solution could be as simple as changing the IP address assigned to the interface and changing the default route accordingly - however, this being Cisco, are there any "gotchas" to look out for? Anything I need to be aware of in this potential minefield?

Thanks in anticipation.
0
Comment
Question by:SCOTT78
2 Comments
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39797000
Any source NATs that are configured may stop working. Just depends on the configuration. Destination NAT statements, if you have a web server, email server, or some other server may no longer work, however that would require not only reconfiguring the NAT statement, but changing DNS, etc.
0
 
LVL 8

Accepted Solution

by:
amatson78 earned 500 total points
ID: 39797123
It all depends on if the rules and nats are assigned to the "interface" or a specific object for the IP. Unfortunatly you will not know until you get in there. As for the IP change it is as simple as going into the config and changing the IP for that vlan assigned to the outside interface

# config t
# interface Vlan1 (or whatever yours is)
# no ip address 1.1.1.1 255.255.255.0
# ip address 2.2.2.2 255.255.255.0
# wr

Open in new window


That should be it, I would then look through the access rules and NATs to see if there is any reference to the old IP, if they use "outside interface" then you should be good it should update with the IP change.

Cheers.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to choose hardware firewall 5 45
Host to host VPN issue 1 59
ASA 5506-X 7 88
Cisco ASA LDAP Authentication for VPN and Management 8 34
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question