06-29-2013 10:46 AM - edited 03-11-2019 07:05 PM
Hello all.
Right now everything works fine. The goal I am trying to accomplish is changing our ASA's IP Address from a 192.168.1.* to a 10.10.0.* address.
My issue seems to be the config of the Cisco Switch that the ASA connects to. Right now the port with which the ASA connects to is configured as such:
interface GigabitEthernet0/*
description **Cisco ASA**
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1
switchport mode trunk
spanning-tree portfast
How do I configure this port so that the ASA will work on the new address of 10.10.0.*??
Thank you for any help,
-dave
06-29-2013 11:08 AM
Hi,
if you just want to change the subnet then there is nothing to do on the switch port as it is a layer 2 switch port, just change the IP on the ASA.
Regards
Alain
Don't forget to rate helpful posts.
06-29-2013 11:13 AM
I have tried that but it wont work. I can ping the port now from the switch the ASA is plugged into but when I change the address of the port I cant ping it, this is leading me to believe that it is not working. The ASA and the Switch it plugs into are vlan 1 (192.168.1.*) When I change the Ip of the port in the ASA that plugs into the cisco switch to vlan 10 (10.10.0.*) It does not connect.
06-29-2013 11:34 AM
Hi,
what are you doing that is not working? pinging the ASA interface IP from the switch Vlan IP ?
if so then you must change the SVI IP address to be in the same subnet as the ASA interface.
If it is trying to ping from a host then this host must also have the same IP.
Explain further what you are trying to achieve.
Regards
Alai!n
Don't forget to rate helpful posts.
06-29-2013 11:54 AM
Our network as it is right now is as follows.
ASA-192.168.1.2
Cisco Core Switch - 192.168.1.1
The port that the ASA is plugged into on the Cisco Core Switch is
interface GigabitEthernet0/*
description **Cisco ASA**
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1
switchport mode trunk
spanning-tree portfast
I want to put both the ASA and Cisco Core Switch off of the 192.168.1.X and on to 10.10.0.X
I want to change the ip address of both the firewall and core to 10.10.0.X and still obvioulsy have all my vlans still work as well as internet connection.
Thanks.
06-29-2013 11:58 PM
Hello David,
Okey, so this is a L3 switch (the core one)
So can you share the SVI configuration for vlan 10
sh run interface status
sh ip interface brief (only showing the SVI and physical port config)
Regards,
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
07-01-2013 01:45 PM
interface Vlan10
ip address 10.10.0.1 255.255.0.0
ip helper-address 10.10.X.X
ip helper-address 192.X.X.X
ip pim sparse-dense-mode
end
------------------------------------------------
Vlan10 is up, line protocol is up
Internet address is 10.10.0.1/16
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper addresses are 10.10.X.X
192.168.X.X
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.22 224.0.0.13
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Input interface drop, Check hwidb
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
---------------------------------------
GigabitEthernet0/23 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is XXXXXXXXXXXXX
Description: **Cisco ASA**
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2077000 bits/sec, 292 packets/sec
5 minute output rate 283000 bits/sec, 181 packets/sec
6480966396 packets input, 7387463439244 bytes, 0 no buffer
Received 47396 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
3818105564 packets output, 1093515138891 bytes, 0 underruns
0 output errors, 27714 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 3521 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
--------------------------
interface GigabitEthernet0/23
description **Cisco ASA**
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1
switchport mode trunk
spanning-tree portfast
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide