We help IT Professionals succeed at work.
Private

ASA 5545X Named Interface Change

wrt1mea
wrt1mea asked
on
78 Views
Last Modified: 2020-07-16
Good morning,

We are running a Cisco ASA 5545X 9.14 / 7.14. We are establishing naming standars (a little late of course) for our interfaces. We want to change our Outside interface from "outside" to "OUTSIDE".

I can easily do this via CLI. What I am running into in the lab is that when I do that, I lose all of my access rules associated with the "outside" interface.

I see in ASDM where I can export rules very easily. I dont see where I can import them.

So ideally, I would like to change "outside" to "OUTSIDE" and maintain our firewall access rules associated with the interface.

Ideas / Suggestions?
Comment
Watch Question

Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Yes - Back the config up to TFTP - edit the backup in a text editor with a find/replace, then restore the config back again.

Juniper/JunOS has this feature built in, Cisco has not caught up yet!

</P>

Author

Commented:
That's a pretty good idea....very simple. We could capture the RunConfig via log session using SecureCRT, edit, and then drop it back in.

I am going to test on the ASA in 30 minutes. I will follow back up.

Author

Commented:
Pete,

I ran a runconfig backup and did the find and replace. I put that new running config back in and it did not change interface name or acl interface name. Ideas?
Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
? If you restored back to the startup-config you will need to reboot (reload) the firewall?


P

Author

Commented:
I will do a more comprehensive one later this afternoon and let you know the results

Author

Commented:
Here is what I did:

1. Copied the running config from the ASA
2. Edited it in notepad
3. Copied the new run config into the Running Config.
4. Wr me

I did not reload the ASA...
Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You need to back the config up not simply copy it it (unless you use a 'show more:running-config') command, or things like shared secrets will just be asterisks!

</P>

Author

Commented:
Pete,

I am trying to follow what you are saying. I have made a backup using the "backup" command to the disk.

I have not had success using the 'show more running-config" command. Nothing returned.

I tried the "more system:running-config" command but that returned very little data.

Ideas?

Author

Commented:
OK...here is what I did:

1. I copied the start-up config to disk0:
2. I used ASDM and transferred the startup config file to desktop
3. I did a find and replace of "outside" to "OUTSIDE"
4. I used ASDM to drop the new start-up config to disk0:/
5. I issued the "config factory-default" command
6. I copied the new start-up config to run config
7. Wr me
8. Verified the new interface name change by "show run"
9. Reloaded ASA
10. DONE!

Comments / Suggestions?

Author

Commented:
OK...I may have gotten ahead of myself on celebrating...

I was able to successfully perform the task at my desk with the ASA. However, when I run through the procedures in the lab, I ran into some roadblocks:

1. Ideally, I would like to be able to perform this remotely, with no local user involvement
2. Once I issue the "config factory-default" it drops my VPN connection and I can no longer remotely perform steps 6-10. I have to go to the device and console into finish
3. Unless I use the "config factory-default" it will not change the interface name as desired. I have tried issuing the write erase command and copied the new star-up config to start up, wr mem, reloaded and it was unsuccessful.


I am really open to ideas here...


Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
>>5. I issued the "config factory-default" command

Don't do that? or. you'll set outside interface to DHCP and the inside to 192.168.1.1!

Author

Commented:
ok, I will try running through the process again and exclude that step. During testing yesterday, it seemed like the new config wouldnt write over the old config, even after a reboot. I will try again today. Thank you for the help!

Author

Commented:
Pete,

OK, I just tried it again...

If I copy the new start to run, I receive duplicate error messages. I will wr me it and reload it and there will be no config change. If I don't do the config factory-default, it doesnt seem to behave the way I want it to...???
Technical Architect
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.