Converting interface to different subinterfaces on ASA
11-13-2012 06:36 AM - edited 03-11-2019 05:22 PM
Hi,
I have a cluster of Cisco ASA 5550s.
I need to have multiple new DMZ zones on our firewall, and since we already have 8 interfaces in use, I need to swap one interface from one DMZ to multiple DMZs using subinterfaces...
My question is now: what will happen with the current rule base and NAT rules configured on this particular interface during the conversion to subinterfaces?
Does anyone have any experience, or a best practice for doing this?
We have +70 NAT rules for this interface and +120 rules in our rule base...
Karl
11-13-2012 07:41 AM
The NAT rules will disappear because the interface will disappear. The rule base should stay in place but it will no longer be applied to the interface.
11-13-2012 07:58 AM
So would it be a good idea to delete all NAT config prior to making the changes, to keep a clean config?
11-13-2012 10:11 AM
No need to delete them all since the only ones that will be removed are the ones associated with the interface that disappears.
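
An added example, not part of the thread: a Python script that inventories the configuration lines bound to one `nameif` (NAT-type commands and `access-group` bindings) in a saved running-config, so they can be reviewed and re-applied on the new subinterfaces after the conversion. The function name `nameif_dependencies` and the sample configuration (names, addresses, ACL names) are constructed for illustration.

```python
import re

# Constructed sample of an ASA running-config. Pre-8.3 and 8.3+ NAT styles are
# mixed here only to exercise the parser; all names and addresses are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 nameif dmz1
 security-level 50
 ip address 192.0.2.1 255.255.255.0
!
access-list dmz1_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in extended permit tcp any host 198.51.100.10 eq 443
nat (dmz1,outside) source static WEB-REAL WEB-PUBLIC
nat (inside,outside) source dynamic any interface
static (dmz1,outside) 198.51.100.10 192.0.2.10 netmask 255.255.255.255
object network WEB-REAL
 nat (dmz1,outside) static 198.51.100.10
access-group dmz1_in in interface dmz1
access-group outside_in in interface outside
"""

def nameif_dependencies(config, nameif):
    """Return NAT lines, access-group lines and bound ACL names for one nameif."""
    # NAT-type commands carry the interface name(s) in parentheses.
    nat_re = re.compile(r"^\s*(nat|static|global)\s+\(([^)]*)\)")
    grp_re = re.compile(
        rf"^access-group\s+(\S+)\s+(in|out)\s+interface\s+{re.escape(nameif)}\s*$")
    result = {"nat": [], "access_group": [], "acls": []}
    parent = None
    for line in config.splitlines():
        if line and not line.startswith(" "):
            parent = line  # remember the top-level line for indented sub-commands
        m = nat_re.match(line)
        # Compare whole interface names so "dmz" does not match "dmz1".
        if m and nameif in [p.strip() for p in m.group(2).split(",")]:
            # Object NAT is indented under "object network"; keep the parent.
            indented = line.startswith(" ")
            result["nat"].append(f"{parent} / {line.strip()}" if indented else line)
        g = grp_re.match(line)
        if g:
            result["access_group"].append(line)
            result["acls"].append(g.group(1))  # the ACL itself is not interface-bound
    return result

if __name__ == "__main__":
    for kind, lines in nameif_dependencies(SAMPLE_CONFIG, "dmz1").items():
        print(kind, *lines, sep="\n  ")
```

Run it against a backup of the running-config taken before the change; the `acls` entry names the access lists that need a new `access-group` binding on whichever subinterface inherits them.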
