Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
0
Helpful
3
Replies

Move Network from ASA interface

brentz
Level 1
Level 1

‎01-04-2014 06:39 AM - edited ‎03-11-2019 08:25 PM

We have a network that has an interface on our ASA.  This network will be moving to a new location and will now be connected to one of our regular layer 3 switches.  What needs to be done on the ASA to disable this network and allow the correct routes to be in the ASA to allow access from the new location?

Thanks

Brent                  

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎01-04-2014 06:46 AM

Hi,

Well if you have the network configured on one of your interfaces then you naturally need to configure a new network for that link and take this into account in the "route" configurations on the ASA and in the "ip route" configurations on the other devices forwarding traffic to it. 

There will probably be some other configurations that need to be changed to use the new interface network/subnet also depending on if the interface just links to another router or if its directly connected to a host network through a switched network.

- Jouni

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-04-2014 06:48 AM

You would remove any access-lists and NAT rules that reference the interface and then unconfigure it completely (remove the nameif, ip address, security level assigned and, if monitoring as part of an HA pair, the monitor command).

Once the ASA no longer knows about the network as connected, you would need to check your existing routing processes or static route statements to ensure reachability of the network.

If you could provide the configuration we could provide more explicit instructions.

0 Helpful

Oscar Castillo
Level 1
Level 1

‎01-04-2014 06:58 AM

Remove the vlan from the ports, #shut, remove routings.

Make sure inside services, management configuration don't get affected by removing sources.

Regards,
Oscar



Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card