move asa interfaces

Dmitriy Popov · ‎11-24-2012

hi all
i have working 5510 with some NAT and access lists configured. I use secplus license on 5510. Now I want to move couple of interfaces from 100 to 1000 port without lose of configured rules. if I try to remove existing interface and create it on another port ASA removes all rules associated with interface(((
how I can do it without deleting rules?

Sent from Cisco Technical Support Android App

Marvin Rhoads · ‎11-24-2012

Doing what you need is a bit tricky. You will need to copy off the rules and reapply them to the new interface once you have set it up. If there's any way around that, I'm not aware of it.

Hope this helps.

Dmitriy Popov · ‎11-25-2012

I have about 90 NAT rules and about twice more
acls. Do you know about tool to export/import rules belonging to a particular interface?

Sent from Cisco Technical Support Android App

Marvin Rhoads · ‎11-25-2012

It's not so much a tool as it is just recreate the rules and apply to the newly redesignated interfaces. Here's an outline of what I have done in the past:

Save the config offline in a text file.

Note the NAT and access-lists that will be affected.

Change your interface designations (this will delete any associated NAT and access-list config)

Add in the deleted config lines from your backup file and compare / test for verification.

You may find it useful to look at the before and after configs in a difference comparison tool like the free ExamDiff. It will highlight anything you may have missed. http://www.prestosoft.com/edp_examdiff.asp