How do I change subnets on an ASA 5505?

Dec 24th, 2008

The ASA 5505 comes with a default IP of 192.168.1.1. I need 192.168.10.1. I can change it with Telnet, with https Applet and with https Startup Wizard, but then I am locked out until I go back in with Telnet and put it back to 192.168.1.1.


When I Show Run with Telnet I can see that Vlan1 is set to 192.168.10.1, but also that http Server is still set to 192.168.1.1. If this is the problem, how do I set the http server to 192.168.10 as well?

MyersEngineering.com Wed, 12/24/2008 - 08:03

Well this isn't quite it. I just did a Show Run and found this:

http server enable

http 192.168.10.1 255.255.255.255 inside

http 192.168.1.0 255.255.255.0 inside


I entered these in a screen where I was invited to tell it who could log on, and entered them both so I could get in with either subnet.


When I change the subnet on my network card to 10 and try entering the ASA 5505 with https://192.168.10.1 I am asked for the username and password. Nothing I enter here is accepted. With 192.168.1.1 I get no such challenge. With Telnet I leave the username blank and enter the password I gave it and get in. But that password isn't good enough with 192.168.10.1.



John Blakley Wed, 12/24/2008 - 09:28

Your default IP is set by changing the inside interface. The http command allows those hosts or ranges to be able to connect to the firewall via ASDM. If you can't get back in, you could change your workstation IP to the 192.x.x.x address that you accidentally changed, and that should allow you to get back into it. You need to make sure that you are on the same subnet as the new address that you change your ASA to, and also make sure that you've allowed that subnet access before you make your address change. If you haven't saved it since you lost connection, you can always reboot and it will be like it was since the last save.


HTH,


John

MyersEngineering.com Fri, 12/26/2008 - 06:19

Thank you John.


I have been fighting this thing for a long time. It's a good thing my Checkpoint firewall isn't as bad as I thought it was because it has to hold the fort until this thing comes online.


OK, I have two NICs. One is at 192.168.1.28 and one is at 192.168.10.48.

I got back in with my blue telnet cable and Hyperterminal.


I then set the ASA 5505 to use 192.168.1.1 again, then accessed it with https://192.168.1.1 through the 192.168.1.28 NIC.


Once in I went for the Setup Wizard and set the IPs that have permission to access it to both 192.168.1.28 and 192.168.10.48.

I left in place the original 192.168.1.1 because it has a net mask of 255.255.255.0, and the only mask I can give the others is 255.255.255.255, which looks to me like they will be masked out :O


Then I bravely clicked on FINISH, and closed the browser tab.


Next, I went back to Hyperterminal and entered Config t, then interface vlan1, then ip address 192.168.10.1.


Then I put my ethernet cable into the NIC that is set to 192.168.10.48 and attempted to access the ASA 5505.


It produces a dialog telling me that authentication is required, and asking for my username and password.


When I use 192.168.1.1 this doesn't happen. But I had given it a password. After that it asked for the password a couple of times and was happy when I put it in. Then it quit asking for it.


So I enter the password, leaving the username blank, and it asks for it again.


So I try leaving it blank, and it asks for it again.


So I try entering CISCOASA, which is the username it says it has, and the password, and it asks for it again.


Reckon I'll go back to Hyperterminal and change the password to nothing and see if that helps.

MyersEngineering.com Fri, 12/26/2008 - 06:33

I tried removing the password with

passwd

and not entering anything, but it said it was an incomplete command. So I tried

no passwd

and it took it. But still when I go back to the browser and try to enter the ASA 5505 as 192.168.10.48 I am challenged for a username and password, and nothing I give it is acceptable.

charles.spaid Tue, 12/30/2008 - 09:28

The passwd statement is only going to be used for initial login and telnet. If telnet is configured to allow connections but no authentication method is specified, it will prompt the user for the passwd.


With that said, HTTP(s) access to the ASA is going to want to authenticate to the local database. This means that you need to create a username within the ASA. In global config, type: "username cisco password cisco privilege 15"


Type the newly created credentials into the prompt when trying to access the ASA via HTTP(S).


HTH
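
Added example, not part of the thread and not Cisco tooling: a Python pre-change check that reads a saved "show run" and reports why HTTPS/ASDM access from a given workstation would fail, covering the points raised in the replies above (workstation on the new subnet, an http statement that covers it, a local username). The sample config is constructed from the lines quoted in the thread; the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the "show run" lines quoted in the thread.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.10.1 255.255.255.0
http server enable
http 192.168.10.1 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
"""

def parse(config):
    """Collect interface addresses, http permit networks and local usernames."""
    ifaces, permits, users = [], [], []
    for line in config.splitlines():
        w = line.split()
        try:
            if w[:2] == ["ip", "address"] and len(w) >= 4:
                ifaces.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}"))
            elif w[:1] == ["http"] and len(w) == 4:
                permits.append(ipaddress.ip_network(f"{w[1]}/{w[2]}", strict=False))
            elif w[:1] == ["username"] and len(w) >= 2:
                users.append(w[1])
        except ValueError:
            continue  # not an address/mask pair (e.g. another http sub-command)
    return ifaces, permits, users

def lockout_findings(config, workstation):
    """Return reasons why HTTPS/ASDM access from `workstation` would fail."""
    host = ipaddress.ip_address(workstation)
    ifaces, permits, users = parse(config)
    findings = []
    if not any(host in i.network for i in ifaces):
        findings.append("workstation is not on an ASA interface subnet")
    if not any(host in net for net in permits):
        findings.append("no http statement covers the workstation")
    for net in permits:
        # A /32 entry naming the ASA itself admits no management host at all.
        if net.prefixlen == 32 and any(net.network_address == i.ip for i in ifaces):
            findings.append(f"http {net.network_address} names the ASA's own address")
    if not users:
        findings.append("no local username for the HTTPS login")
    return findings

if __name__ == "__main__":
    for finding in lockout_findings(SAMPLE_CONFIG, "192.168.10.48"):
        print("FINDING:", finding)
```

A host entry with mask 255.255.255.255 for the workstation itself (for example 192.168.10.48) satisfies the http check; the mask limits the entry to that one address rather than masking it out.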
