Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2258
Views
0
Helpful
0
Replies

How to move the ISP link to another firewall and only adding a new default gateway on Cisco ASA?

JHVindasC
Level 1
Level 1

‎06-09-2020 08:25 AM

Hello,

I want to move our ISP link from the ASA to another firewall which have more capabilites like web filtering, app filtering, etc.

 

Since I dont want to change everything right now, I have to maintain the ASA on the network for some static routes and other stuff.

 

I was trying to change the IP on the interface that have the ISP link on the ASA and change the default gateway to a new IP so we can route the traffic to the new one but I was unable to make it work. I was able to ping the next hop but not routing the traffic through it.

I know Im missing something but Im not sure what it is, maybe I have to adjust the ACL to match the criteria? Do I need to do something more than just change an IP and add the new default gateway?

 

topo.png

To a better understanding of my situation I added this topology.

Let's say that I want to use 10.10.10.0/30 for the interface I have on the WAN zone, so the ASA will have 10.10.10.2/30 and the new firewall will have the 10.10.10.1/30, both connected directly.

Now, I changed the IP address on the ASA and configured the new default gateway using the 10.10.10.1 as the next hop.

Do I need to create a new ACL? How should the ACL will be?

I appreciate all the help I can get from you,

 

Thanks in advance.

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card