Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
361
Views
0
Helpful
1
Replies

How to reassign already assigned interfaces (WAN from 0/0 to 0/x)

maramamarama
Level 1
Level 1

‎02-07-2013 09:15 AM - edited ‎03-11-2019 05:57 PM

Hello!

I've finally made progress with DMZ, NAT and subnets... but then I realized that having assigned 0/0 to outside, 0/1 to inside and 0/2 to DMZ resulted in slow transfers between inside and DMZ. After I realized it's becaue only 0/0 and 0/1 ports are gigabit ports and it's fixed (?!?!) I tried to reassign the outside from 0/1 to 0/3. Of course, simple renaming doesen't work because it also affects all other config entries. I've also tried dumping the config, resetting to factory defaults and entering line by line from the dumped and adjusted config file - but that somehow broke my nat/dmz/subnet configuration.

So after several ours already wasted - is there some efficent way just to reassign WAN from 0/0 to 0/3 without all other config getting corrupted/modified?

tia

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎02-07-2013 09:32 AM

Hi,

Since we are talking about the "outside" interface then theres a risk that it will have more configurations tied to it than perhaps some LAN or DMZ interface on the ASA.

To my knowledge there arent any easy or automated ways of migrating the configurations between interfaces and this kind of changes has always meant for me going through these steps

  • Collect configurations related to the interface you are going to move to another physical/logical interface
    • show run | inc is a good command to do this
  • Removing the configurations from the interface about to be moved
  • Reapplying some of the lost commands because of removing the "nameif"
    • Reapplied NAT configurations
    • Attaching the ACL back to the interface with "access-group in interface "
    • Reapplied "route" configurations
  • In your case you might also face the needs to reapply some VPN related configurations if the ASA is serving as a VPN device too

One more thought though...

You could considered doing the changes to "dmz" interface? Perhaps configuring ports 0/2 and 0/3 as FastEthernet Channel (FEC) between ASA and Core switch (if this setup is possible in your case)

I guess it wouldnt probably bring that much bandwith there to be enough.

You have to also take into account that the ASA5510 has its limitations and its throughtput (300Mbps total throughput, shown in the below linked documents) for traffic is way lower than for example the new replacing 5500-X series ASAs.

Heres a link to the documents related to performance

ASA 5500 Series

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf

ASA 5500-X Series

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf

Hopefully the above information has been helpfull

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card