Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
3
Helpful
3
Replies

Converting interface to different subinterfaces on ASA

karl.dorme
Level 1
Level 1

‎11-13-2012 06:36 AM - edited ‎03-11-2019 05:22 PM

Hi,

I have a cluster with cisco 5550 asa's.

I need to have mulpti new DMZ zones on our firewall, and since we already have 8 interfaces in use, I need to swap one interface from one DMZ to multiple DMZ's using subinterfaces...

My question is now, what will happen with the current rule-base and NAT rules configured on this particular interface during the conversion to subinterfaces ?

Anyone any experience ? or a best practice to do this ?

We have +70 NAT rules for this interface and +120 rules in our rulebase....

Karl

Labels:
0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

‎11-13-2012 07:41 AM

The NAT rules will disappear because the interface will disappear. The rule base should stay in place but it will no longer be applied to the interface.

0 Helpful

karl.dorme
Level 1
Level 1

‎11-13-2012 07:58 AM

So it will be a good idea to delete all nat config prior to make the changes to keep a clean config ?


Sent from Cisco Technical Support Android App

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to karl.dorme

‎11-13-2012 10:11 AM

No need to delete them all since the only ones that will be removed are the ones associated with the interface that disappears.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card