ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
396
Views
0
Helpful
2
Replies
Highlighted
Beginner

Migrating subnets (ASA behind BGP routers)

Hello,

We have 2 ISPs and are currently running BGP to advertise a subnet that was re-assigned to us from one of the ISPs.  We just received a direct IP assignment from ARIN and need to migrate to the new subnet we received so we can return the old subnet to the ISP.  It seems pretty straight forward as far as the routers go.  I plan to notify the providers of the new subnet and then just add secondary IP addresses from the new subnet to the router interfaces in the old subnet and then configure BGP to advertise the new subnet.  I'm not sure how to handle this on the ASA firewall that is behind the routers though.  The "outside" interface of the ASA is currently assigned an address from the old subnet and then has static NATs to translate other addresses from that subnet to hosts behind it.  I was hoping to add a secondary IP to the outside interface just like the routers and then configure that NATs and access rules so we could migrate hosts individually and test.  It doesn't seem that the ASA allows for secondary addresses though.  Is there another way to approach this?  Any help would be appreciated.

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

Migrating subnets (ASA behind BGP routers)

Andy

You don't need secondary addressing for the ASA. As long as the new subnet is routed to the outside interface of the ASA then it will respond to requests for those addresses. So you can simply change the NATs as you migrate from one subnet to another.

Jon

View solution in original post

2 REPLIES 2
Highlighted
Hall of Fame Guru

Migrating subnets (ASA behind BGP routers)

Andy

You don't need secondary addressing for the ASA. As long as the new subnet is routed to the outside interface of the ASA then it will respond to requests for those addresses. So you can simply change the NATs as you migrate from one subnet to another.

Jon

View solution in original post

Highlighted
Beginner

Migrating subnets (ASA behind BGP routers)

Thanks Jon, I confirmed that this works today.  I guess I was expecting it to be more difficult than it is...

Thanks again.