12-12-2008 05:23 AM
What are the implications of changing the IP address on the Trust interface to a new network? I am implementing a new Network Access Control device which will require changing the network address on the trust interface.
Anybody had any experience with this before? Any information would be very helpful.
12-12-2008 09:30 AM
I guess changing the IP address is easy; the following will change the interface IP via the command line.
set int <interface> ip <X.X.X.X/X>
But the things that are going to be affected by it are the users and the routing in the network. The users will need to be configured with the correct gateway IP address, and if you have multiple subnets, routing has to be configured to correctly point to the new gateway IP addresses.
It will also depend on other stuff you have going on in the trust zone of the network, e.g. if you have VPNs, etc. Essentially it depends on the complexity of your network in the trust zone.
12-12-2008 10:34 AM
WL, Thanks for the reply. I've got multiple policies on the trust side to NAT to my public IP addresses based on a private range. I use a separate public for each of my schools. I've only got one default route, and knew I was going to have to change that. I'll be going from a 220.127.116.11 private address to a 10.10.2.0 private on the trust interface.
I just wanted to be sure the policies I have won't disappear when I change the IP address. I've backed up the configuration, and saved it to my PC, so if it doesn't work, I can always get back to where I am now.
12-12-2008 10:38 AM
Didn't complete my last response. We don't have any VPN connections on the firewall. I've also got an SA4000 we use for SSL/VPN connections to our network.
My default route (0.0.0.0) points to the untrust interface, and I have a single 18.104.22.168 route that points to my inside router. This is the route I need to be sure I change to reflect the new inside router interface.