11-07-2017 04:03 AM - edited 02-21-2020 06:39 AM
Hello All,
Two production firewalls connected in Fail-over mode. We would like to change the IP on Inside interface.
Will there be any impact to other configuration (e.g ACL, NAT statements) ? Also what precautions need to be taken care while implementing the change?
PS: we are not using the dynamic routing , static routes are going to be updated in change.
Thanks,
Sanket
11-07-2017 06:20 AM
Hi,
I´d issue show run | inc "Inside IP address". Save the output to a txt file and I´d look at every line that the Inside IP address came to light. Then, I´d prepare an script change those lines accordingly.
-If I helped you somehow, please, rate it as useful.-
11-07-2017 07:41 AM
f1# sh run | i 10.103.65
ip address 10.103.65.1 255.255.255.0 standby 10.103.65.2
route inside 10.0.0.0 255.0.0.0 10.103.65.5 1
route inside 10.103.0.0 255.255.0.0 10.103.65.5 1
route inside 192.168.1.0 255.255.255.0 10.103.65.5 1
f1# sh ip address
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 outside 10.103.64.6 255.255.255.0 CONFIG
GigabitEthernet0/1 inside 10.103.65.1 255.255.255.0 CONFIG
GigabitEthernet0/2 dmz 10.103.66.1 255.255.255.0 CONFIG
11-07-2017 07:44 AM
Good for you. Just a few lines to change.
-If I helped you somehow, please, rate it as useful.-
11-07-2017 07:47 AM
11-07-2017 07:52 AM
Only if nat was configured using IP address, then you should see on the output. If NAT is using interface, shouldn't have any problems.
Maybe it is a good idea after change and save reload firewall.
-If I helped you somehow, please, rate it as useful.-
11-07-2017 07:54 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide