
Welcome to Cisco Firewalls Community


Beginner

move asa interfaces

Hi all,
I have a working 5510 with some NAT and access lists configured. I use a secplus license on the 5510. Now I want to move a couple of interfaces from 100 to 1000 ports without loss of the configured rules. If I try to remove an existing interface and create it on another port, the ASA removes all rules associated with the interface(((
How can I do it without deleting the rules?


Sent from Cisco Technical Support Android App

Hall of Fame Master

move asa interfaces

Doing what you need is a bit tricky. You will need to copy off the rules and reapply them to the new interface once you have set it up. If there's any way around that, I'm not aware of it.

Hope this helps.

Beginner

Re:move asa interfaces

I have about 90 NAT rules and about twice as many ACLs. Do you know of a tool to export/import rules belonging to a particular interface?

Sent from Cisco Technical Support Android App

Hall of Fame Master

Re:move asa interfaces

It's not so much a tool as it is just recreate the rules and apply to the newly redesignated interfaces. Here's an outline of what I have done in the past:

Save the config offline in a text file.

Note the NAT and access-lists that will be affected.

Change your interface designations (this will delete any associated NAT and access-list config)

Add in the deleted config lines from your backup file and compare / test for verification.

You may find it useful to look at the before and after configs in a difference comparison tool like the free ExamDiff. It will highlight anything you may have missed. http://www.prestosoft.com/edp_examdiff.asp
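
The "note what is affected, then compare" steps outlined above can be scripted. The following is an added example, not code from the thread or from Cisco: it lists every command in the saved backup that names a given interface, pulls in the entries of any access list bound to it with `access-group`, and reports which of them are absent from the config taken after the move. The sample configs, the nameif `dmz`, and the function names are constructed for illustration, and the nameif is assumed to stay the same on the new port.

```python
import re

# Constructed sample configs (not from the thread): nameif "dmz" is moved
# from Ethernet0/2 to Ethernet0/0 and only part of its config was re-added.
BEFORE = """\
interface Ethernet0/2
 nameif dmz
access-list dmz_in extended permit tcp any host 10.0.2.10 eq www
access-list inside_in extended permit ip any any
object network web
 host 10.0.2.10
 nat (dmz,outside) static 192.0.2.10
nat (inside,dmz) source static lan lan
access-group dmz_in in interface dmz
route dmz 10.9.0.0 255.255.0.0 10.0.2.254
"""
AFTER = """\
interface Ethernet0/0
 nameif dmz
access-list dmz_in extended permit tcp any host 10.0.2.10 eq www
access-list inside_in extended permit ip any any
object network web
 host 10.0.2.10
nat (inside,dmz) source static lan lan
access-group dmz_in in interface dmz
"""

def flatten(config):
    """Yield each command; sub-commands are prefixed with their parent line."""
    parent = ""
    for line in filter(None, map(str.rstrip, config.splitlines())):
        if line[0] != " ":
            parent = line
            yield line
        elif not parent.startswith("interface "):  # that block is retyped by hand
            yield f"{parent} / {line.strip()}"

def commands_for(config, nameif):
    """Commands naming `nameif`, plus entries of ACLs bound to it by access-group."""
    cmds = list(flatten(config))
    hits = [c for c in cmds if nameif in re.split(r"[\s(),]+", c)]
    acls = {m.group(1) for c in hits
            if (m := re.match(r"access-group (\S+) (?:in|out) interface ", c))}
    return hits + [c for c in cmds if c.startswith("access-list ")
                   and c.split()[1] in acls and c not in hits]

def missing_after(before, after, nameif):
    """Commands tied to `nameif` in the backup that the new config lacks."""
    present = set(flatten(after))
    return [c for c in commands_for(before, nameif) if c not in present]
```

Calling `missing_after(BEFORE, AFTER, "dmz")` on the sample returns the object NAT line and the static route, the two commands that were not re-added after the move.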