07-28-2008 09:13 AM - edited 02-21-2020 02:56 AM
new ASA 5505, tying to configure it, inside LAN is 192.168.2.x/23 (255.255.254.0). I connect to ASA5505 using ASDM ok when it is on the default 192.168.1.1. I change the ip on 'inside' vlan, and of course lose connection to it. It apparently doesn't totally save the info, though, because I can't connect to it using the new info. So, I made a vlan3, using port 0/2, using ip of 192.168.2.x/23 while connected to 192.168.1.1. Then I changed ip of my computer from 192.168.1.x to 192.168.2.x/23 but cannot even ping that port/ip on the ASA while connected to port 0/2. I switched computer back, and connected again to 192.168.1.1 and it does appear that my new settings for 0/2 are still there, so I'm not sure how to proceed? Thanks.
07-28-2008 05:40 PM
You could try:
ciscoasa#config t
ciscoasa(config)#configure factory-default ip-address
I am unsure if you can add a mask to that, but it *should* come up with your new IP address.
Mike
08-18-2008 04:48 PM
Sorry, had family emergency and was off for 2 weeks, then when came back had other work to catch up on.
Thanks for the reply. It would appear that the command you provided sets it back to default settings. I was able to set it back to default settings, but am now unsure as how to proceed to get the "inside" set to 192.168.2.0/23 and still be able to access it.
If I go back in, I can change "inside" to 192.168.2.1/23, but lose connection, so it "sort of" gets saved, in the respect that sometimes I can ping it, sometimes not. But can never connect to it.
Thanks, and sorry again about the delay.
08-18-2008 11:25 PM
Before you change the IP, you need to give this new IP address access to telnet/ASDM.
asdm location ...
telnet ... interface
Also are you keeping the same security level for both interfaces?
Regards
Farrukh
08-19-2008 09:22 AM
I had finally gotten it set back to factory defaults, so I had already tried again prior to seeing your reply.
I simply used ASDM to change 0/1 IP to 192.168.2.1/23 and then changed computer's IP. Connected via console, and it seemed ok.
But, no matter what, I cannot connect using the ASDM once I change the IP. I can ping the ASA fine, and connect thru console, but not ASDM.
Since I just changed IP this time, didn't try to set up a VLAN, I didn't change any security level or anything.
Thanks
08-19-2008 11:21 AM
I believe you have to authorize your new network to access the http services on the asa. Try the following from a command line:
asa(config)# http 192.168.2.0 255.255.254.0 inside
asa(config)# write memory
Regards,
Alberto
08-19-2008 07:51 PM
thanks, that did the trick. Can't you set that in ASDM? I'd hate to have to do that whenever I change the internal IP (just trying to learn it right now, not in service yet).
Steve
08-20-2008 06:23 AM
Yes this can be configured in ASDM. Let's say you decided to change your internal address to 10.10.10.1 / 255.255.255.0
You will want to authorize this new network prior to making the ip address change so you can manage the ASA after you apply the new settings.
In ASDM click on the Configuration Icon then in the left pane at the bottom choose Properties. Then in the pane to the right choose Device Access and click on HTTPS/ASDM.
Click ADD.
Interface Name: Inside
IP Address: 10.10.10.0
Mask: 255.255.255.0
Regards,
Alberto
08-19-2008 07:49 PM
Wasn't aware needed to give the IP address access, but have done so now. Ok now.
basic question on security, since you mentioned it, why is the default "outside" level 0, isn't the lowest security? Shouldn't it be 100?
Thanks, Steve
08-19-2008 09:24 PM
This is how Cisco has named it. A higher security level implies a 'more secure' zone. As in a 'safer' place :) Since its already 'more secure'/safe the firewall can be a little lenient that that zone.
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: