02-18-2014 10:47 AM - edited 03-11-2019 08:47 PM
We are in the process of migrating to a different ISP, thus we have to change the public IP addresses.
I have no issue changing the inside and outside IP addresses, but the servers in the DMZ are the issue.
We want clients to access the DMZ servers from the new and current ISP, then turn the current one off after about a month or so.
My idea is to assign new IP addresses for the inside and outside interfaces and connect the DMZ into the existing DMZ.
current FW:
inside: 192.168.1.1/24: vlan 192
outside: 10.1.1.1/24: vlan 10
dmz: 172.16.1.1/24: vlan 172
new FW:
inside: 192.168.20.1/24: vlan 168
outside: 10.2.2.2/24: vlan 20
dmz: 172.16.1.2/24 vlan 172
Do you see any issue configuring the FW like this? The ACL and NAT rules will be similar, where outside clients will be reaching the same DMZ servers using different outside IP addresses. I have an ASA5520.
ie)
10.1.1.10 -> 172.16.1.10
10.2.2.10 -> 172.16.1.10
02-18-2014 05:12 PM
Hello,
What version are you using on the ASA?
8.3 + no problem
8.2 - not possible.
static (DMZ,outside) 10.1.1.10 172.16.1.10
static (DMZ,outside) 10.2.2.10 172.16.1.10
ERROR: duplicate of existing static
inside:172.16.1.10 to outside:10.1.1.10 netmask 255.255.255.255
Regards,
Felipe.
Remember to rate useful posts.
02-18-2014 06:29 PM
I am running 8.45
02-18-2014 06:32 PM
Then it should be fine. You will need to have both ranges of IPs on the outside at the same time and make sure you have the command:
arp permit-nonconnected
Regards,
Felipe.
Remember to rate useful posts.
02-18-2014 06:42 PM
What will happen if I don't have the command?
arp permit-nonconnected
02-18-2014 07:31 PM
If you have two networks on the outside, you need the command for the ASA to respond to ARP requests:
http://www.cisco.com/c/en/us/td/docs/security/asa/command-reference/cmdref/a3.html#pgfId-1837762
Cisco Worldwide Contact link: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
Regards,
Felipe.
Remember to rate useful posts.
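For reference, an added example that is not part of any post in this thread: the two mappings that 8.2 rejected above, written in 8.3+ object NAT syntax, where each public address gets its own network object pointing at the same real host. The object names, the ACL name and TCP port 443 are assumptions; the addresses and interface names are the ones used in the thread.

```cisco
! Added example, ASA 8.3+ syntax. Object names, ACL name and port 443 are assumed.
! An object carries only one nat statement, so the same real host is defined twice.
object network DMZ-SRV-CURRENT-ISP
 host 172.16.1.10
 nat (DMZ,outside) static 10.1.1.10
!
object network DMZ-SRV-NEW-ISP
 host 172.16.1.10
 nat (DMZ,outside) static 10.2.2.10
!
! From 8.3 on, interface ACLs match the real (post-NAT) address,
! so one entry covers clients arriving on either public address.
access-list OUTSIDE_IN extended permit tcp any host 172.16.1.10 eq 443
access-group OUTSIDE_IN in interface outside
!
! Per the reply above: needed so the ASA answers ARP for the range
! that is not directly connected to the outside interface.
arp permit-nonconnected
```

After applying, `show nat detail` and `show xlate` list both static translations for 172.16.1.10, which confirms that neither mapping replaced the other.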