11-20-2007 06:09 AM - edited 03-11-2019 04:33 AM
After many years with the same ISP, we are switching. We will not be able to use the same public IP address. For those of you who have had to completely review your firewall rules, is there any easy way or documentation on doing this?
11-20-2007 09:08 AM
My friend, I ran into the exact same scenario. There is no other way other than to conduct a thorough fw configuration inspection; however, since you are changing ISP, which is mostly your public IP block, global NAT, static NATs, new default routes, etc., you can do the complete migration from PDM/ASDM. When changing these, PDM automatically updates rules, but it is good to have a backout plan or script for CLI as another resource for changing configuration. If you have any particular question, I'm sure someone will provide some hints.
Rgds
Jorge
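An added example, not part of any post in this thread: one way to start the inspection is to list every line of a saved configuration that contains an address from the old ISP block. The sample configuration is constructed in PIX-style syntax, 203.0.113.0/29 stands in for the old block, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample config; 203.0.113.0/29 is a placeholder for the old ISP block.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 203.0.113.3 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.3 eq smtp
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.0.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
crypto map vpnmap 10 set peer 198.51.100.7
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_old_block_refs(config_text, old_block):
    """Return (line_no, first_keyword, line) for lines holding an address in old_block."""
    net = ipaddress.ip_network(old_block)
    hits = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        for token in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # dotted token that is not a valid IPv4 address
            if addr in net:
                hits.append((line_no, line.split()[0], line.strip()))
                break  # one hit per line is enough for the inventory
    return hits


def summarize(hits):
    """Count hits per leading keyword (static, route, access-list, ...)."""
    counts = {}
    for _, keyword, _ in hits:
        counts[keyword] = counts.get(keyword, 0) + 1
    return counts


if __name__ == "__main__":
    for line_no, keyword, line in find_old_block_refs(SAMPLE_CONFIG, "203.0.113.0/29"):
        print(f"{line_no:>3}  {keyword:<12} {line}")
```

Lines that use the `interface` keyword follow the interface address and do not appear in the list, and the configurations of remote VPN peers that point at the old address are outside this file, so both still need a manual check.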
11-20-2007 10:49 AM
The way we designed it, we have one vlan that faces the internet. We also have redundant ISPs as one of the requirements. For us that is not a huge load to migrate between ISPs.
Satya
11-21-2007 10:21 AM
Thanks Jorge & Satya. I was afraid it was going to be pretty much a manual process. Luckily, we are a small org with less than 10 VPNs so, hopefully, downtime will be minimal.
11-21-2007 11:32 AM
Hi,
If possible, you could make it easier by getting a new box, configuring it for the new ISP, and then cutting over with minimal downtime. I always find these exercises a good time to upgrade hardware as well.
Thanks
John
11-21-2007 12:13 PM
:) Thanks, John, that would be great but the $ just aren't there. We're able to do the switch because it's basically just paying a different vendor. I'd love to swap out the 515E's but I guess that'll have to wait.