Solved: Migrating subnets (ASA behind BGP routers)

arudolph_emd · ‎07-21-2011

Hello,

We have 2 ISPs and are currently running BGP to advertise a subnet that was re-assigned to us from one of the ISPs. We just received a direct IP assignment from ARIN and need to migrate to the new subnet we received so we can return the old subnet to the ISP. It seems pretty straight forward as far as the routers go. I plan to notify the providers of the new subnet and then just add secondary IP addresses from the new subnet to the router interfaces in the old subnet and then configure BGP to advertise the new subnet. I'm not sure how to handle this on the ASA firewall that is behind the routers though. The "outside" interface of the ASA is currently assigned an address from the old subnet and then has static NATs to translate other addresses from that subnet to hosts behind it. I was hoping to add a secondary IP to the outside interface just like the routers and then configure that NATs and access rules so we could migrate hosts individually and test. It doesn't seem that the ASA allows for secondary addresses though. Is there another way to approach this? Any help would be appreciated.

Thanks.

Jon Marshall · ‎07-21-2011

Andy

You don't need secondary addressing for the ASA. As long as the new subnet is routed to the outside interface of the ASA then it will respond to requests for those addresses. So you can simply change the NATs as you migrate from one subnet to another.

Jon

View solution in original post

Jon Marshall · ‎07-21-2011

Andy

You don't need secondary addressing for the ASA. As long as the new subnet is routed to the outside interface of the ASA then it will respond to requests for those addresses. So you can simply change the NATs as you migrate from one subnet to another.

Jon

arudolph_emd · ‎07-25-2011

Thanks Jon, I confirmed that this works today. I guess I was expecting it to be more difficult than it is...

Thanks again.