# Cisco ASA 5500 and new ISP



## Chizzad (Mar 21, 2011)

I am looking for some resources on what steps would be involved in configuring a Cisco ASA 5500 when obtaining a new ISP. Since our static IP will be changing with the new ISP, just need to know what configurations changes will need to take place. We currently have a working config with DSL, but are switching to cable. We are using a DMZ configuration, and are going to try using ASDM first since that should be easier. Any help/suggestions would be great, thanks.


----------



## alupis (Jun 19, 2006)

i'm not up to speed on cisco devices... but it should be the same as in configuring any firewall/router device. I believe all you will need to change is how its getting its address from your ISP. if its already set to pull DHCP from your ISP then your set... just plug in the new ethernet and bam, you should pull the new address. Your LAN should remain unchanged unless you have some very specific NAT rules in place... otherwise they wont even know about the change (functionality-wise). If you are statically set (which you probably are since ur using a much beefier firewall than some little Dlink residential router), then you will need to reset your static address to match whatever your ISP provides making sure to change your DNS servers if you use the ISP provided ones (OpenDNS is better since its universal, look it up) and make sure you have the correct subnet set (again provided by your ISP)

Good luck!


----------



## Chizzad (Mar 21, 2011)

Thanks for the input, I believe what you mentioned here is all that will be necessary. The outside IP will have to be changed to whatever the new IP will be, this is easy to do through ASDM. The firewall is set to pull from DHCP also so that will def help. We do have some VPN's setup, they may require some alterations for which I found this link, hopefully this is all we would have to do for those. PeteNetLive - KB0000391 - Cisco ASA - Changing VPN IP Addresses 

As for our server setup, I believe you are correct about the only changes there would be are changing our DNS to forward to our ISP's DNS or possibly using some level 3 DNS servers.

Thank you for the input, will let ya know how it goes!


----------



## alupis (Jun 19, 2006)

best of luck!

with the VPN, depending on how its setup (again i'm not a cisco guy) but all that might need to be changed is the address your VPN clients look to (if client-to-site vpn) or the address your remote site/vpn endpoint looks to (site-to-site). 

if its a client-to-site vpn tunnel, you would just have to update the IP address your users enter to point their VPN software (or the windows built-in VPN client) to your vpn endpoint/router.

while your in there making config changes, i definetely would recommend checking out OpenDNS since it would keep your DNS independent from any ISP issues, and prevent you from having to change one less config next time  Some users even report faster response times from OpenDNS vs their ISP's provided DNS servers, which, depending on the size and budget of your ISP, may just be some small VM or old hardware running a dns service - not always the most reliable...


----------

