I am getting a larger range of IPs from my ISP. Unfortunately, they are not within the range that I have now but they will be coming in from the same T1 connection.
I have numerous statically mapped addresses to web and FTP servers. I can't statically map two outside addresses to a single DMZ address. So how can I make a smooth transition from the old IPs to the new? I would like to have both up for a week to give my DNS records a chance to expire before cutting off the old subnet.
I would suggest you create another Outside VLAN/interface on your firewall and put the new address space on that.
Then create secondary IP addresses on your web and FTP servers and create new NAT mappings for those on your firewall.
You might get problems with servers that don't allow secondary IP addresses on the same range as the original, in which case you would have to create another DMZ interface on your firewall and either use secondary addresses on the servers or add additional NIC (network interface card) hardware on them and configure them on the new DMZ. Then you should be able to accommodate requests from outside before and after DNS records get updated.
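The parallel-mapping plan from the answer above, worked through as an added example that is not part of the original thread: it pairs each existing static mapping with a new outside address and a free secondary DMZ address, then checks that no DMZ address ends up with two outside mappings. All addresses are constructed documentation-range samples, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation ranges), not taken from the thread.
OLD_STATIC = {"192.0.2.10": "10.10.10.10",   # old outside -> web server
              "192.0.2.11": "10.10.10.11"}   # old outside -> FTP server
NEW_OUTSIDE = "198.51.100.0/28"              # assumed new range from the ISP
DMZ = "10.10.10.0/24"
# Assumed: ISP gateway, firewall's new outside interface, firewall DMZ interface.
RESERVED = ("198.51.100.1", "198.51.100.2", "10.10.10.1")

def plan_parallel_nat(old_static, new_outside_net, dmz_net, reserved=()):
    """Return [(new_outside, secondary_dmz, primary_dmz), ...] so that every
    server is reachable through both ranges during the DNS overlap period."""
    ip = ipaddress.ip_address
    taken = {ip(a) for a in reserved} | {ip(a) for a in old_static.values()}
    new_pub = (h for h in ipaddress.ip_network(new_outside_net).hosts()
               if h not in taken)
    free_dmz = (h for h in ipaddress.ip_network(dmz_net).hosts()
                if h not in taken)
    plan = []
    for old_pub in sorted(old_static, key=ip):
        try:
            plan.append((str(next(new_pub)), str(next(free_dmz)),
                         old_static[old_pub]))
        except StopIteration:
            # The fallback the answer describes: no room on the existing DMZ.
            raise ValueError("address space exhausted; a second DMZ "
                             "interface/subnet is needed") from None
    return plan

def is_one_to_one(old_static, plan):
    """True when no outside or DMZ address appears in more than one mapping."""
    outside = list(old_static) + [pub for pub, _, _ in plan]
    inside = list(old_static.values()) + [sec for _, sec, _ in plan]
    return len(set(outside)) == len(outside) and len(set(inside)) == len(inside)

if __name__ == "__main__":
    plan = plan_parallel_nat(OLD_STATIC, NEW_OUTSIDE, DMZ, RESERVED)
    for new_pub, secondary, primary in plan:
        print(f"{new_pub} -> {secondary} (secondary address on {primary})")
    print("one-to-one:", is_one_to_one(OLD_STATIC, plan))
```

Each tuple corresponds to one secondary address to configure on a server and one static NAT entry on the new outside interface; the old mappings stay untouched until the old subnet is cut off.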