Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
0
Helpful
3
Replies

Switching ISP Provider

Go to solution
tsabsuavyaj
Level 1
Level 1

‎10-29-2012 08:58 PM - edited ‎03-11-2019 05:15 PM

When a company switch ISP provider and receive a new block of public IPs, what is the best practice to reconfigure the ASA, its outside interface, DNS, default route and other services like SMTP, sftp with minimum downtime? Is there anything that I can configure in advance if I know the new block of public IPs ?  This is my first time having to switch ISP provider, so don't mind me asking such a dumb question.  Any feedback or suggestion is appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-29-2012 09:06 PM

The only thing that you can pre-configure before the cutover is any access-list that is applied to the outside interface. You can start configuring the extra lines of access-list for the new block of IP.

Any other configuration, like outside interface, default route, NAT statement, DNS should really be configured on the cutover itself. You can't really preconfigure it on the ASA as it will conflict with the existing service. You can however get all the commands ready on a notepad, and just copy and paste the new IP (including removing the old IP) during the cutover.

I would also schedule maintenance window to perform all that.

Hope that helps.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎10-29-2012 09:06 PM

The only thing that you can pre-configure before the cutover is any access-list that is applied to the outside interface. You can start configuring the extra lines of access-list for the new block of IP.

Any other configuration, like outside interface, default route, NAT statement, DNS should really be configured on the cutover itself. You can't really preconfigure it on the ASA as it will conflict with the existing service. You can however get all the commands ready on a notepad, and just copy and paste the new IP (including removing the old IP) during the cutover.

I would also schedule maintenance window to perform all that.

Hope that helps.

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎10-30-2012 01:33 AM

For a migration like this you should run at least v8.3. With the changed NAT-model the amount you have to reconfigure is much less then with the version 8.2 and below. With 8.3+ you normally only have to change the interface-ip, default-route and your nat-statements.

You could also consider to run both lines in parallel for a month or so. That way you can migrate server for server to the new ISP and you don't have to do it all at once. But if there are not that many systems involved I'd prefer to do a complete switchover on one weekend instead of doing it over a longer period server by server.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
tsabsuavyaj
Level 1
Level 1

‎10-30-2012 09:30 AM

Thank you both very much.  It helps a lot now knowing what I can preconfigure and do during the cut over.  We do not have that many servers and services so I might just do it all at once over a weekend.  Appreciated!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card