10-10-2002 11:59 AM - edited 03-09-2019 12:37 AM
Lets say for example....my 515E config looks like such...
nameif ethernet1 inside security100
ip address inside 199.199.199.1 255.255.255.0
interface ethernet1 auto
static (inside,outside) 199.199.199.0 199.199.199.0 netmask 255.255.255.0 0 0
And I change it to this
nameif ethernet1 inside security100
ip address inside 200.200.200.1 255.255.255.0
interface ethernet1 auto
static (inside,outside) 200.200.200.0 200.200.200.0 netmask 255.255.255.0 0 0
Basically just changing the static mappings and IP address of the internal interface. My questions is. Will this affect any of my rules. I do not think it will but I wanted to check.
Routing would have to change but other than that.
Thanks
10-10-2002 01:11 PM
Your acls will have to change as well. If they reference the IP, you will need to remove the acl and re-apply with the new IPs. Other than routing and acls, you are good.
Hope it helps.
Steve
10-11-2002 04:25 AM
But if the acl looks like such why does it have to be touched
access-list acl_in permit tcp any 199.199.199.45 eq 22
and there is a new route for the 199.199.199.0 network to 200.200.200.0 then does it really matter the acl is just one more hop away
10-11-2002 10:17 AM
The static command creates a permanent mapping between a local IP address and a global IP address. Use the static and access-list commands when you are accessing an interface of a higher security level from an interface of a lower security level. It doesn't have anything to do with routing. Your 199.199.199.0 network is seen on the outside as 199.199.199.0, it's not being NAT'ed to a new IP. So if your acl is allowing access to 199.x.x.x but your static is 200.x.x.x, no one can access 200.x.x.x.
Steve
10-11-2002 10:38 AM
You are correct, Thanks for the input,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: