https://community.cisco.com/t5/network-security/comcast-ciena-handoff-to-asa5506/m-p/5145093#M1114295 <P>If i understand correctly, you are changing ISPs.. so you need to change few&nbsp; things:</P> <P>1) ip address / mask</P> <P>2) static default route to point to new isp</P> <P>3) any inbound or outbound that was referencing a IP (other than outside interface ip) has to be change.. this is only required if you have any NAT..</P> <P>4) if you have VPN tunnel etc, then other side should change to new ip..</P> <P>you can use any ip in the range .130-134..</P> <P>i would save the config and backup it up.. and then make the modification. BTW i would suggest going to the new firepower 1000 series.. they are more powerful&nbsp; and full NGFW capabilties that are much better than 5506..</P> Mon, 15 Jul 2024 17:20:01 GMT ccieexpert 2024-07-15T17:20:01Z https://community.cisco.com/t5/network-security/comcast-ciena-handoff-to-asa5506/m-p/5144414#M1114254 <P>Greetings! I inherited a network where the primary firewall device is an ASA 5506 (we're hoping to upgrade later this year).</P><P>Before I came on board, we had Comcast's EDI service installed. They provided a layer 3 IP and a block of usable static IPs. Comcast installed a Ciena 3903 as the terminating device.</P><P>Currently, we are using Comcast's Small Business internet but I have been tasked with setting up the ASA so that we can use the EDI service. The outside interface of the ASA currently has a static IP from the small business internet (1 of a block of 5 we have from them), so I'm at a bit of a loss as to how to change the ASA to use the EDI service since I need to account for the layer 3 IP AND the usable static IPs. This kind of setup is new to me and maybe I'm just overthinking it...any help would be appreciated. Here's what we've been given (not real IPs):</P><P>layer 3 = 50.123.456.4/30 --- GW is .5 --- IP is .6</P><P>usable block = 50.456.789.128/29 --- GW is .129 --- IP block is .130-134</P><P>My current outside interface on the ASA is just a small business static IP from Comcast (96.111.222.91). And my current inside interface IP is a private IP 10.8.10.254.</P><P>My gut told me to set up the outside interface with one of the usable IPs from the block (.131) and then set up a static route that hops to the layer 3 IP (.6) with its associated GW (.5)...but so far, I can't get it to work. Am I off track?</P><P>Feel free to ask questions for clarification.</P> Sat, 13 Jul 2024 01:50:05 GMT https://community.cisco.com/t5/network-security/comcast-ciena-handoff-to-asa5506/m-p/5144414#M1114254 rshockley 2024-07-13T01:50:05Z https://community.cisco.com/t5/network-security/comcast-ciena-handoff-to-asa5506/m-p/5145093#M1114295 <P>If i understand correctly, you are changing ISPs.. so you need to change few&nbsp; things:</P> <P>1) ip address / mask</P> <P>2) static default route to point to new isp</P> <P>3) any inbound or outbound that was referencing a IP (other than outside interface ip) has to be change.. this is only required if you have any NAT..</P> <P>4) if you have VPN tunnel etc, then other side should change to new ip..</P> <P>you can use any ip in the range .130-134..</P> <P>i would save the config and backup it up.. and then make the modification. BTW i would suggest going to the new firepower 1000 series.. they are more powerful&nbsp; and full NGFW capabilties that are much better than 5506..</P> Mon, 15 Jul 2024 17:20:01 GMT https://community.cisco.com/t5/network-security/comcast-ciena-handoff-to-asa5506/m-p/5145093#M1114295 ccieexpert 2024-07-15T17:20:01Z