Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
234
Views
2
Helpful
2
Replies

Changing ISP with publics IP

abtt-39
Level 1
Level 1

‎01-23-2024 07:40 AM

Hello

I would like to know best way to change ISP on a pair of asa ( active - standby).

Currently, there are 14 public IPs on the ASA.
By searching in the configuration txt file in :
Outside interface, VPN, network objects, NAT, static route, crypto ca trustpoint ASDM_TrustPoint7
enrollment self
subject-name etc...

Apart from the ASA, we also have these IPs in a reverse proxy, in a proxy, DNS server, and in an external WAAP.

The new ISp assigned me a pool of public IP addresses

I made a table with old IP / new IP

I communicated to the future new ISP the IP addresses that they will have to apply to the physical interfaces of their router (I will not have access to this router).

For my part, I will take the last txt backup of the ASA running-configuration, I will modify all the IPs with the new ones and on the day of the migration, I will inject the new configuration into the ASA, by running- conf

We will modify the IPs in DNS, proxy, reverse proxy and WAAP.

This requires a reboot of the ASA pair, I imagine? So I will have to do a write.

 

Before switching the ASAs, I will test the new operator by connecting with a laptop directly to their router, to check that I have the Internet and that the speeds are good.

And what is the right way to do it? Did I forget things?

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎01-23-2024 05:40 PM 

For my part, I will take the last txt backup of the ASA running-configuration, I will modify all the IPs with the new ones and on the day of the migration, I will inject the new configuration into the ASA, by running- conf

This seems to be reasonable approach.

This requires a reboot of the ASA pair, I imagine? So I will have to do a write.

There is no requirement to reboot - but if your ASA running for Long then reboot will be good to clear all ay buffer issues.

Before switching the ASAs, I will test the new operator by connecting with a laptop directly to their router, to check that I have the Internet and that the speeds are good.

yes this is very good steps, since you are sure the ISP working.

Keep the role back plan also to revert to OLD IP and other stuff - if the new cutover not go as expected, so you ready for rollback to working condition.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World
VIP
VIP

‎01-24-2024 12:54 AM

The new IP change in 

1- interface 

2- NAT if you use NAT many to many' i.e. using pool of public IP

3- VPN ( here the new IP must change in peer not in your asa)

So from all above three point I think only first you need it in asa' 

And to be sure 

Show run | i x.x.x.x

This show you where old IP used.

This make task more easy

Goodluck friend 

Have a nice day 

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card