Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
720
Views
0
Helpful
3
Replies

(Noob question) How to change firewall in production?

Go to solution
Paul113331
Level 1
Level 1

‎08-18-2015 01:41 AM - edited ‎03-05-2019 02:05 AM

Hello community, I would like to change the firewall from Zywall (In my opinion a very bad one) to a cisco asa firewall (ASAv). But before I configure the firewall I have the overall noob question: How do I change the firewall in production when we have only one static ip address? First I thought I put a switch between Modem and the Zywall so that I can connect my cisco asav to the switch, but what should I do then with the ip address? I have only one (lets say 83.10.12.4). This ip address is configured on the zywall when I connect now my asa firewall with the same ip address connected to the switch will I get problems? Maybe that packets are not received anymore by the zywall but instead of the asav. Or that they interrupt anyhow when they have both the same ip address. How can I accomplish this? Second question: Does maybe somebody have a good Starting tutorial how to setup a asav firewall on vmware? Thank you Paul
Labels:
Preview file
10 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎08-18-2015 07:26 AM

If you have only a single address then it will not work to have both the Zywall and the ASA active at the same time. If both are active and have the same IP address then when the provider modem does an ARP for the address both will respond. The modem will pick one of the MAC addresses and traffic will go to that device. But the next time the modem does ARP it may choose the MAC of the other device. So it could be inconsistent which firewall is getting the traffic.

 

In this case your best approach would be to configure the ASAv and then at a time that you choose to disconnect the Zywall and connect the ASA.

 

HTH

 

Rick

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎08-18-2015 07:26 AM

If you have only a single address then it will not work to have both the Zywall and the ASA active at the same time. If both are active and have the same IP address then when the provider modem does an ARP for the address both will respond. The modem will pick one of the MAC addresses and traffic will go to that device. But the next time the modem does ARP it may choose the MAC of the other device. So it could be inconsistent which firewall is getting the traffic.

 

In this case your best approach would be to configure the ASAv and then at a time that you choose to disconnect the Zywall and connect the ASA.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
Paul113331
Level 1
Level 1
In response to Richard Burts

‎08-18-2015 07:43 PM

Thank you for the answer.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Paul113331

‎08-19-2015 03:58 AM

You are welcome. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify posts which have helpful information. I hope that you will continue to participate in the forum.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents