Change ASA Firewall Address

Answered Question
Sep 14th, 2007

When I go through the ASDM manager and change the IP address of the ASA5505 unit and write to memory I get an error. Is there a way to do this via the console port? Thanks

whisperwind Fri, 09/14/2007 - 07:08

1. Connect to the ASA

2. Enter Configuration mode

3. Enter the interface type and number

4. Enter the new ip address

5. Save configuration


This will look as follows, where x is the IP address and y is the mask:


asa(conf)# int e0

asa(conf-if)# ip address x.x.x.x y.y.y.y




mikros Fri, 09/14/2007 - 07:19

Here is what I typed


enable

p/w

config t

int e0 and I get an error "% Incomplete Command"


TIA

JORGE RODRIGUEZ Fri, 09/14/2007 - 07:31

Please post "show interface" or follow the link I posted for complete CLI syntax.

whisperwind Fri, 09/14/2007 - 07:36

My example said e0; your ASA likely has a different interface type/number. Once you determine what that is and enter it in place of my example, you should be fine.


A sh run or sh interface will provide that information for you

JORGE RODRIGUEZ Fri, 09/14/2007 - 07:43

I agree with Whisper, his example script with int e0 should have worked!

mikros Fri, 09/14/2007 - 07:50

when I type sh run I get

Ethernet0/0 - Ethernet0/8



JORGE RODRIGUEZ Fri, 09/14/2007 - 07:54

Are you sure you have an ASA?

Do "show version" and post the info.

mikros Fri, 09/14/2007 - 07:56

ASA 8.0(2)

Device Mgr 6.0(2)


ASA5505

JORGE RODRIGUEZ Fri, 09/14/2007 - 08:10

Go to this link; you actually have to configure the IP in VLAN1 and/or VLAN2 instead of the physical interface, as this comes as the default configuration for the 5505s.


so you would do

config t

interface vlan#



http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/setup.html#wpxref79743


Defaults

Two VLANs: VLAN 1 and VLAN2

  • VLAN 1 has the following properties:
      • Named "inside"
      • Allocated switch ports Ethernet 0/1 through Ethernet 0/7
      • Security level of 100
      • Allocated switch ports Ethernet 0/1 through 0/7
      • IP address of 192.168.1.1 255.255.255.0

  • VLAN2 has the following properties:
      • Named "outside"
      • Allocated switch port Ethernet 0/0
      • Security level of 0
      • Configured to obtain its IP address using DHCP



mikros Fri, 09/14/2007 - 08:32

So after I type interface vlan1

I type ip address x.x.x.x y.y.y.y and I get an error "interface address is not on the same subnet as DHCP pool". Should I disable DHCP, and if so, how?



whisperwind Fri, 09/14/2007 - 08:03

Well there you go, your ASA has interfaces labelled as ethernet 0/0 and so forth :-)

mikros Fri, 09/14/2007 - 08:07

I can get to Ethernet0/0 then when I type

ip address x.x.x.x y.y.y.y I get an Error "This can only be configured on VLAN devices"

JORGE RODRIGUEZ Fri, 09/14/2007 - 08:35

see my previous post.


configure the ip addresses through VLAN#


your inside vlan is VLAN1 and VLAN2 is your outside.


config t

interface vlan1

ip address x.x.x.x MASK



mikros Fri, 09/14/2007 - 08:49

I did that and that's when I get the Error "Interface Address is not on the subnet as your DHCP Pool". I believe my subnet is 255.255.255.255; is there a way to check?



JORGE RODRIGUEZ Fri, 09/14/2007 - 09:15

Do this: if you are connected via console through HyperTerminal, do a capture-text from the terminal, do show run and save the file as config.txt, then paste or attach the whole configuration here so we can take a look at it. We will need to remove the default DHCP pool configuration in order for you to configure the interface. That's why it will not take a different IP block: it does not match the default DHCP pool.




Correct Answer
JORGE RODRIGUEZ Fri, 09/14/2007 - 10:14

Go to enable mode and issue


no dhcpd address 192.168.1.2-192.168.1.33 inside


Then configure the VLAN to re-IP the interface. After that is done, go back to placing back the DHCP pool for your inside network using your new IP subnet information; follow the pool format you removed for the IP range.


JORGE RODRIGUEZ Fri, 09/14/2007 - 13:43

Dennis, thanks for the ratings..


Also remember to save the configuration every time you make changes at the command line by issuing "write mem"; by not doing so your config will be lost when you reboot the firewall.


Thanks

Jorge
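
The sequence from the accepted answer and the "write mem" reminder, as an added example that is not part of the thread and not Cisco's code: a small Python planner that reads the existing pool from a "show run" excerpt, emits the commands in the order the ASA accepts them, and refuses a mask (such as 255.255.255.255) that cannot hold the recreated pool. The function name plan_reip and the target address 10.10.10.1 255.255.255.0 are assumptions; the sample excerpt is constructed from the defaults quoted above.

```python
import ipaddress
import re

# Constructed excerpt of a factory-default ASA 5505 "show run"; the
# addresses are the ones quoted in the thread.
SAMPLE_RUN = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
"""

def plan_reip(show_run, nameif, vlan, new_ip, new_mask):
    """Return the ordered CLI lines that move `nameif` to new_ip/new_mask."""
    pools = re.findall(rf"^dhcpd address (\S+)-(\S+) {re.escape(nameif)}\s*$",
                       show_run, re.M)
    iface = ipaddress.ip_interface(f"{new_ip}/{new_mask}")
    cmds = ["configure terminal"]
    # 1. Remove every pool bound to the interface, otherwise the ASA rejects
    #    the new address as being outside the DHCP pool's subnet.
    cmds += [f"no dhcpd address {lo}-{hi} {nameif}" for lo, hi in pools]
    # 2. Re-address the VLAN interface (not the physical Ethernet0/x port).
    cmds += [f"interface vlan{vlan}", f" ip address {new_ip} {new_mask}", " exit"]
    # 3. Recreate each pool with the same size, starting right after new_ip.
    start = iface.ip + 1
    for lo, hi in pools:
        size = int(ipaddress.ip_address(hi)) - int(ipaddress.ip_address(lo)) + 1
        end = start + size - 1
        if end not in iface.network or end == iface.network.broadcast_address:
            raise ValueError(f"{iface.network} cannot hold a {size}-address pool")
        cmds.append(f"dhcpd address {start}-{end} {nameif}")
        start = end + 1
    if pools and re.search(rf"^dhcpd enable {re.escape(nameif)}\s*$", show_run, re.M):
        cmds.append(f"dhcpd enable {nameif}")  # harmless if still enabled
    cmds.append("write memory")  # persist, or the change is lost on reboot
    return cmds

if __name__ == "__main__":
    # 10.10.10.1/24 is an assumed example target, not from the thread.
    print("\n".join(plan_reip(SAMPLE_RUN, "inside", 1, "10.10.10.1", "255.255.255.0")))
```
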






