Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Change IP Address for Outside Interface

We are going to move the ASA to a different remote location.  Therefore, we need to change the IP address of outside interface since the IP address will be different.  Do I connect to the Console port and change the IP address of the Outside interface and other NAT statements?  Please let me know if you want to see the config or have any questions.

Thanks.

Laura

4 REPLIES

Re: Change IP Address for Outside Interface

Laura,

Since you're changing IPs and you have the option to connect to the console that's the recommendation (so you won't loose access).

Also, if you're entering the ASA via another interface, changing the outside IP will not drop you out of the ASA.

The only real advertisement here, is that don't change the outside IP while connected to the outside interface!

If you're just moving the ASA from location, make sure to change the outside IP, the default gateway and in case you need to change NAT and ACL statements as well.

Let us know if you have any questions.

Federico.

New Member

Re: Change IP Address for Outside Interface

Federico,

Thanks for your prompt response and suggestions.   You sugested " Also, if you're entering the ASA via another interface, changing the outside IP will not drop you out of the ASA.  The only real advertisement here, is that don't change the outside IP while connected to the outside interface!"

My second interface is not configured.  So, first I need to configure the second interface.  Then, SSH in to the second interface (66.102.7.11) from the Corporate office and change the IP address of the Outside interface (66.102.7.10)

interface Ethernet0/0
nameif Outside
security-level 0
ip address 66.102.7.10 255.255.255.0

interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.100.254 255.255.255.0


interface Ethernet0/2
nameif backup
security-level 0
ip address 66.102.7.11 255.255.255.0

Thanks.

Laura

Hall of Fame Super Blue

Re: Change IP Address for Outside Interface

laurabolda wrote:

Federico,

Thanks for your prompt response and suggestions.   You sugested " Also, if you're entering the ASA via another interface, changing the outside IP will not drop you out of the ASA.  The only real advertisement here, is that don't change the outside IP while connected to the outside interface!"

My second interface is not configured.  So, first I need to configure the second interface.  Then, SSH in to the second interface (66.102.7.11) from the Corporate office and change the IP address of the Outside interface (66.102.7.10)

interface Ethernet0/0
nameif Outside
security-level 0
ip address 66.102.7.10 255.255.255.0

interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.100.254 255.255.255.0


interface Ethernet0/2
nameif backup
security-level 0
ip address 66.102.7.11 255.255.255.0

Thanks.

Laura

Laura

You won't be able to do this because you can't have 2 interfaces using IPs from the same subnet.

If there is no other way in to the ASA other than through the outside interface from where you are then i would recommend going to the site if possible and if not talking someone through it onsite otherwise you could end up locking yourself out of the firewall, leaving it non-functioning until you can get to the site.

If you had a backdoor into the site ie. not through the ASA then you could connect from inside the site to the inside interface and make your changes.

Jon

Re: Change IP Address for Outside Interface

Yes.

What I mean is that if you're connected to E0 it does not matter if you change or modify another interface (why I mean with it does not matter is that it won't kick you out of the ASA).

Federico.

533
Views
0
Helpful
4
Replies