Cisco ASA 5505 series Adaptive Security Appliance
Hello,
I have a Cisco ASA 5505. I have to change the external ip address. I can telnet into the device but I need to know the exact commands to change the ip. I am unfamiliar with the operating system so if you could let me know exactly what to type, it would be very helpful.
Thanks!
I have a Cisco ASA 5505. I have to change the external ip address. I can telnet into the device but I need to know the exact commands to change the ip. I am unfamiliar with the operating system so if you could let me know exactly what to type, it would be very helpful.
Thanks!
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
telnet (internal IP)
login using username and password or type telnet password
type enable
type password
type show conf
locate the external interface used
type conf terminal
type int <interface name>
type ip address a.a.a.a b.b.b.b (a.a.a.a is external IP, and b.b.b.b subnet mask)
type wr mem
type clear xlate, to clear translations
would be good idea to reboot if you can.
type exit
type exit
type sh conf and check interface has new IP assigned.
do you know if the interface IP is hardcoded to any services.
login using username and password or type telnet password
type enable
type password
type show conf
locate the external interface used
type conf terminal
type int <interface name>
type ip address a.a.a.a b.b.b.b (a.a.a.a is external IP, and b.b.b.b subnet mask)
type wr mem
type clear xlate, to clear translations
would be good idea to reboot if you can.
type exit
type exit
type sh conf and check interface has new IP assigned.
do you know if the interface IP is hardcoded to any services.
Thanks! Your explicit directions worked perfectly! They can get to the internet!
However when I look through the config I still see the old ip on some lines:
access-list acl_out extended tcp any host xxx.xxx.xxx.xxx eq www
access-list acl_out extended tcp any host xxx.xxx.xxx.xxx range 4520 4524
and
static (inside,outside) xxx.xxx.xxx.xxx 192.168.1.200 netmask 255.255.255.255
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
Do I need to change these as well?
However when I look through the config I still see the old ip on some lines:
access-list acl_out extended tcp any host xxx.xxx.xxx.xxx eq www
access-list acl_out extended tcp any host xxx.xxx.xxx.xxx range 4520 4524
and
static (inside,outside) xxx.xxx.xxx.xxx 192.168.1.200 netmask 255.255.255.255
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
Do I need to change these as well?
you will need to change the access-list and static statement's ip addresses to the new address.
the route statement should *not* have the exact, old ip address. it will most likely be different by 1 in the last octet of the address? in that case it wont need to be changed if you are not changing the subnet.
if you are changing the subnet, then the route statement will need to be changed. if you're not sure, tell us the subnet mask (the b.b.b.b part of the ip command above) and the last part of the old and new ip addresses, then we can advise if the route statement will need to be changed.
the route statement should *not* have the exact, old ip address. it will most likely be different by 1 in the last octet of the address? in that case it wont need to be changed if you are not changing the subnet.
if you are changing the subnet, then the route statement will need to be changed. if you're not sure, tell us the subnet mask (the b.b.b.b part of the ip command above) and the last part of the old and new ip addresses, then we can advise if the route statement will need to be changed.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial