Re: 515E ip address inside x.x.x.x

cblack · ‎10-10-2002

Lets say for example....my 515E config looks like such...

nameif ethernet1 inside security100

ip address inside 199.199.199.1 255.255.255.0

interface ethernet1 auto

static (inside,outside) 199.199.199.0 199.199.199.0 netmask 255.255.255.0 0 0

And I change it to this

nameif ethernet1 inside security100

ip address inside 200.200.200.1 255.255.255.0

interface ethernet1 auto

static (inside,outside) 200.200.200.0 200.200.200.0 netmask 255.255.255.0 0 0

Basically just changing the static mappings and IP address of the internal interface. My questions is. Will this affect any of my rules. I do not think it will but I wanted to check.

Routing would have to change but other than that.

Thanks

steve.barlow · ‎10-10-2002

Your acls will have to change as well. If they reference the IP, you will need to remove the acl and re-apply with the new IPs. Other than routing and acls, you are good.

Hope it helps.

Steve

cblack · ‎10-11-2002

But if the acl looks like such why does it have to be touched

access-list acl_in permit tcp any 199.199.199.45 eq 22

and there is a new route for the 199.199.199.0 network to 200.200.200.0 then does it really matter the acl is just one more hop away

steve.barlow · ‎10-11-2002

The static command creates a permanent mapping between a local IP address and a global IP address. Use the static and access-list commands when you are accessing an interface of a higher security level from an interface of a lower security level. It doesn't have anything to do with routing. Your 199.199.199.0 network is seen on the outside as 199.199.199.0, it's not being NAT'ed to a new IP. So if your acl is allowing access to 199.x.x.x but your static is 200.x.x.x, no one can access 200.x.x.x.

Steve

cblack · ‎10-11-2002

You are correct, Thanks for the input,