cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31651
Views
15
Helpful
2
Replies

ASA secondary IP address configuration

vipinrajrc
Level 3
Level 3

Hi Experts,

Is it possible to configure a secondary IP address in outside interface??? What my need is.... my client's ISP is going to change. So for migration i need to connect the outside interface to the new ISP. If i can configure a secondary IP address to the outside interface , then there would be no downtime at all... I searched for this. But i didnt get any valid solution. Could anyone please help????

regards

Vipin

Thanks and Regards, Vipin
1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

No, unfortunately ASA interface does not support the configuration of secondary IP Address like in IOS router.

Unfortunately you won't be able to have zero download when you change ISP.

Please also remember to change the following:

- ASA outside interface to the new ISP subnet

- Default route for outside interface

- All the NAT to be changed to the new ISP addresses

- All DNS resolution if any to the new ISP addresses

- All ACL to be changed to the new ISP addresses

- Also notified all your VPN peers of your ISP address changes.

View solution in original post

2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

No, unfortunately ASA interface does not support the configuration of secondary IP Address like in IOS router.

Unfortunately you won't be able to have zero download when you change ISP.

Please also remember to change the following:

- ASA outside interface to the new ISP subnet

- Default route for outside interface

- All the NAT to be changed to the new ISP addresses

- All DNS resolution if any to the new ISP addresses

- All ACL to be changed to the new ISP addresses

- Also notified all your VPN peers of your ISP address changes.

Shrikant Sundaresh
Cisco Employee
Cisco Employee

Hi Vipin,

It is not possible to configure two ip addresses on the same interface of the ASA.

If you have a free interface on the ASA, then you could configure that for the second ISP. Once you have configured all NAT rules, default route, etc, to match the ip scheme of the new ISP, all you need to do is go into the interface of the current ISP, and do "no nameif". This will remove all configuration (NAT, routes, crypto maps, etc) that was relevant to that interface, and what is remaining would be that for the new ISP. You might still have to do a "clear xlate" and "clear conn" to clear existing connections, as I am not sure if they get removed when you remove name of primary ISPs interface.(They most probably should clear out on their own.)

However, do note, that you would lose the part of the config related to the current ISP when you do this. Take a backup, in case you require it. Also, if you reload, without saving running-config, you can get the old config back, if for some reason that is required.

I would recommend having a small downtime window in any case. If all goes well, and it isn't required, then you get bonus points from your client.

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered, if it has been resolved. Do rate helpful posts. Thanks.