Move interface ACL's, NAT's from one interface to another

Hi
I have a Cisco ASA 5515-x with IOS 9.1.
My problem is i have 6 interfaces (1 failover, 2 dmz, 1 outside, 1 inside and 1 spare) and I need to create new:
DMZ - for new LAN (subnet).
Outside interface - for new Site to Site VPN peer, there is a requirement to use a different public address rather than the one on the existing outside interface.
There is no budget to purchase additional interfaces at the present.
The solution i have come up with is to:
Divide the spare interface into 3 sub-interfaces for the 2 existing DMZ's and the new DMZ.
Use either of the spare 2 interfaces (from existing DMZ's) as the new outside interface.
Still leaving me with a spare interface for future expansion.
I have 2 questions:
Firstly, is this an acceptable solution and if not what would be a better solution?
Secondly, in my proposed solution, i will have to move all the ACLs and NATs from the existing DMZ's to the new sub-interfaces DMZ's (also one of the DMZ's is accessed by a site to site VPN on the existing outside interface). Is there an easy way to move this rules/NAT/etc or does it require going through the entire configuration renaming all the changes?
Any help would be much appreciated.
Chris

Hi,
Well I dont know why the requirement is to use a different public IP address for the L2L VPN connection then this seems to be the only way (use another interface). I assume then that you have another ISP link there or from same ISP but with IP from different public subnet than your current "outside"?
If you decide to use 2 WAN links on the ASA then for the L2L VPN purpose WAN link you need to configure static "route" for the remote VPN gateway and possibly also for the remote networks behind the L2L VPN unless the ASA installs those routes automatically based on the "crypto map" configurations.
With regards to moving the configurations around it seems to me that there is no easy/automatic way to migrate these configurations.
What you can essentially do atleast is
Collect all the configurations that reference the interfaces "nameif" value. These usually contains commands like "nat" , "access-group" , "route" and naturally some others
Remove the existing interfaces which means that all configurations that reference the "nameif" are removed. Notice that the ACL is not removed, only the "access-group" command
You then reconfigure the same interface somewhere else. In your case it seems to be an subinterface in some cases.
After the new interface is configured you should be able to drop the configurations that you collected earlier. What I would keep in mind in this situation is that you should keep track of the original order of the "nat" configurations (if using Manual NAT) and make sure you enter the "nat" commands in the same places they were. Depending on your current NAT configuration this might either be really simple (Mostly Auto NAT configurations) or something required a bit more planning (Manual NAT)
The above should be the main things to do on the ASA to migrate the configurations.
Naturally this is just a general description without taking into account everything that you might have in your environment.
- Jouni

Similar Messages

  • How can I move my iPad's iTunes backup from one user to another?

    Is it possible to move my iPad's iTunes backup from one user to another, so as to change which user the iPad is syncing to without deleting any app data? Currently the iPad is synced to one user on my iMac, and I would like to transfer it so that it will sync with a different user on the same iMac (using iTunes, of course). I'd like to replace content from the old user's iTunes library with my user (eg. music, movies), but I don't want to loose app data in the process if I can avoid it.
    I have tried to use the pathway /Library/Application Support/MobileSync/Backup but my iMac doesn't seem to have a MoblieSync folder. I wouldn't know what to do with the backup anyway though.
    Can anyone help me or is this request too complicated, difficult, or impossible? Thanks for your help!

    The Apple Document covers this. See the footnotes of my google docs
    I've done this, it is easy, but takes time and patience.
    On the existing mac with OSX and Configurator:
    ========================================
    - run disk utility and verify your disks are ok, a must
    - make note of the user logged in when using configurator  such as "bob"
    - connect a new or newly reformatted USB formatted for Apple
    - run time machine and backup to the USB
    - Take the mac off the network,
    - Buy a new mac
    - setup the mac with a new logon account like Paul or  "bob2"   do not use BOB !!
    - finish the new purchase setup, get to your desktop
    - now run the migraiton assistant  moving bob from the USB to the new mac
    - reboot, logon as bob, launch configurator and connect just one ipad.  Test
    https://docs.google.com/document/d/1SMBgyzONxcx6_FswgkW9XYLpA4oCt_2y1uw9ceMZ9F4/ edit?usp=sharing

  • Movement type: moving the returnable package from one customer to another

    Hello,
    I would like to know if there exists any predefined movement type (in transaction MIGO) which would allow to move the stock of the returnable package (material type LEIH, pallets etc.) from one customer to another IN ONE STEP (now we do it in 2 steps: first we return the stock from the customer to the our location and then move it to another customer). When we sell material to the customer, the stock type for the returnable package has the mark for special stock type (''V'').
    I tryed types 301V and 309V, but the customer had to be the same. It only allows to move the pallets between different plants for the same customer.
    Best regards,
    Mojca Kukman

    Hi
    There is no such movement type. Customers always look for one-step transactions and the only way to achieve this is through ABAP!
    Normally I do this:
    Create a Z-txn for customer input and on saving create 2 material documents (as in 2-step process).
    Best regards
    Ramki

  • How do I move all the apps and podcasts from one mac to another mac?

    What is the best way to move all the apps and iTunes content (songs, podcasts, etc) from one Mac to another Mac?  I am switching to a newer computer.  I connect (with cables) an iPhone 4 and an iPad 2 to the old computer for syncing.

    Take a look at this.
    iTunes: How to move your music to a new computer
    When I recently got a new MacBook, I set it up with Times Machine using a backup of the old computer. It could not have been easier. If you use Time Machine - that will copy the contents of the old Mac to the new Mac - iTunes library included. You will have to authorize the new Mac in iTunes - Store>Authorize this computer.
    There are ways of copying the purchased contents from the iPad to the new iTunes library as well if you need to do that. But as long as you have the old Mac - copying the library and putting it on the new Mac makes the most sense.

  • How do you copy/move the ASU Toolbox task list from one system to another

    We are upgrading from 3.5 to 7.01 and have maintained the the task list in /n/asu/upgrade in our sandbox.   I would like to be able to move the task list to our other systems so I don't have to reenter the tasks again.  I know the base tasks are in an xml file but I don't know which one.  
    Does anyone know how to move/copy the tasks from one system to another?

    I agree with Antonio, but since we don't know if the Mail app on the Mini is the same version as the one on your new iMac, I'd err on the side of caution and allow Mail on the new iMac to set up; additionally, I'd prefer to start with a new preference file. In order to make it easier, you could take screenshots of all the account windows on the Mini. You can then use those to enter the info when setting up Mail on the new iMac.
    After Mail is set up, quit Mail. Go to the location outlined by Antonio (Users-Library-Mail) and compare the folders with the folders from the old Mail app; i.e. the new Inbox folder should be empty -> remove that (drag to trash) and replace it with your old Inbox folder (same with Sent, etc). If you have old folders not found in the new location, add them.
    When done, open Mail and your folders and emails should all be there.

  • How to move an existing Application/Package Deployment from one collection to another

    We'd like to move an Application Deployment from one collection of devices to another. Instead of just creating a new deployment (which would make the app try to reinstall) we'd like to move the existing deployment.
    Any way to do this with PowerShell?

    Creating a new deployment won't make an app try to reinstall at all. That's the whole point of the Detection method.
    For packages, clients keep track of what they've run before so a new deployment won't cause it to run again unless the program is set for it to run again.
    Ultimately, you cannot change the collection targeted by a deployment as this violates a f underlying assumptions and messes up compliance/reporting for that deployment. You need to create a new deployment which as pointed out has no down-side.
    Jason | http://blog.configmgrftw.com

  • How to move the contents of an itab from one class to another...

    Hello Experts,
    How can I move the contents of an internal table for a given class to another class.
    I want to transfer the contents of my internal table lt_vbak to another class
    which is lcl_get_docflow. Below is my code:
    REPORT  zsd_orderstage
            NO STANDARD PAGE HEADING.
    * Data Dictionary Table/s                      *
    TABLES: vbak.
    * Global Structure/s                           *
    TYPES: BEGIN OF t_output,
            salesgroup    type vbak-vkgrp,
            salesorder    TYPE vbak-vbeln,
            custcode      TYPE vbak-kunnr,
            shipto        TYPE likp-kunnr,
            creation_date TYPE vbak-erdat,
            created_by    TYPE vbak-ernam,
            delorder      TYPE likp-vbeln,
            invnumber     TYPE vbrk-vbeln,
           END OF t_output.
    * Global Internal Table/s                      *
    DATA: gt_output TYPE STANDARD TABLE OF t_output.
    * SELECTION-SCREEN                             *
    SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE text-001.
    PARAMETERS:     p_kunnr TYPE vbak-kunnr OBLIGATORY.
    SELECT-OPTIONS: s_group for vbak-vkgrp,
                    s_auart FOR vbak-auart,
                    s_erdat FOR vbak-erdat  OBLIGATORY,
                    s_ernam FOR vbak-ernam.
    SELECTION-SCREEN END OF BLOCK b1.
    *       CLASS lcl_main DEFINITION
    CLASS lcl_main DEFINITION ABSTRACT.
      PUBLIC SECTION.
        TYPES: BEGIN OF t_vbak,
              vbeln TYPE vbak-vbeln,
              erdat TYPE vbak-erdat,
              ernam TYPE vbak-ernam,
              auart TYPE vbak-auart,
              kunnr TYPE vbak-kunnr,
              vkgrp type vbak-vkgrp,
             END OF t_vbak.
        TYPES: BEGIN OF t_vbfa,
                vbelv   TYPE vbfa-vbelv,
                vbeln   TYPE vbfa-vbeln,
                vbtyp_n TYPE vbfa-vbtyp_n,
               END OF t_vbfa.
        TYPES: BEGIN OF t_likp,
                vbeln TYPE likp-vbeln,
                kunnr TYPE likp-kunnr,
               END OF t_likp.
        TYPES: BEGIN OF t_vbrk,
                vbeln TYPE vbrk-vbeln,
               END OF t_vbrk.
        DATA: gt_vbfa     TYPE STANDARD TABLE OF t_vbfa,
              gt_likp     TYPE HASHED TABLE OF t_likp
                          WITH UNIQUE KEY vbeln,
              gt_vbrk     TYPE HASHED TABLE OF t_vbrk
                          WITH UNIQUE KEY vbeln,
              gt_delivery TYPE STANDARD TABLE OF t_vbfa,
              gt_invoice  TYPE STANDARD TABLE OF t_vbfa.
    ENDCLASS.                    "lcl_main DEFINITION
    *       CLASS lcl_get_so DEFINITION
    CLASS lcl_get_so DEFINITION INHERITING FROM lcl_main.
      PUBLIC SECTION.
        DATA: lt_vbak TYPE STANDARD TABLE OF t_vbak.
        METHODS: get_sales_orders
                    RETURNING
                       value(re_vbak) TYPE t_vbak.
    ENDCLASS.                    "lcl_get_so DEFINITION
    *       CLASS lcl_get_so IMPLEMENTATION
    CLASS lcl_get_so IMPLEMENTATION.
      METHOD get_sales_orders.
        SELECT vbeln erdat ernam auart kunnr vkgrp
          FROM vbak
          INTO TABLE lt_vbak
         WHERE erdat IN s_erdat
           AND ernam IN s_ernam
           AND auart IN s_auart
           AND kunnr = p_kunnr.
      ENDMETHOD.                    "get_sales_orders
    ENDCLASS.                    "lcl_get_so IMPLEMENTATION
    *       CLASS lcl_get_docflow DEFINITION
    CLASS lcl_get_docflow DEFINITION INHERITING FROM lcl_main.
      PUBLIC SECTION.
        DATA: lt_vbfa TYPE STANDARD TABLE OF t_vbfa.
        METHODS: get_subsequent_docs
                    IMPORTING
                       value(im_vbak) TYPE t_vbak
                    EXPORTING
                       ex_vbfa TYPE t_vbfa.
    ENDCLASS.                    "get_docflow  INHERITING FRO
    *       CLASS lcl_get_docflow IMPLEMENTATION
    CLASS lcl_get_docflow IMPLEMENTATION.
      METHOD get_subsequent_docs.
      ENDMETHOD.                    "get_subsequent_docs
    ENDCLASS.                    "get_docflow IMPLEMENTATION
    * Global Internal Table/s                      *
    START-OF-SELECTION.
      DATA: o_get_so      TYPE REF TO lcl_get_so,
            o_get_docflow TYPE REF TO lcl_get_docflow.
      CREATE OBJECT: o_get_so,
                     o_get_docflow.
      CALL METHOD o_get_so->get_sales_orders.
    What I want is to pass the records of lt_vbak to method get_subsequent_docs. How do I do this guys?Thank you and take care!

    .

  • How to move imovie '08 projects and events from one macbook to another

    Hi,
    I need to import my movies via firewire, but can only do it through my brother's macbook, as my new macbook does not have firewire.
    Therefore, I imported 100 GB worth of movies onto his computer, then transferred the iMovie Events and iMovie Projects folders onto a hard drive, then transferred them from the hard drive to MY macbook. Now they are sitting on the desk top.
    How do I get them into iMovie on my macbook, now that I have transferred the files from my brother's macbook onto my macbook's desktop?
    Thanks!

    I guess I just needed to drag my events into my user folder ---> movie events, and then when I launched iMovie, it found them.

  • Move iTunes library on external HD from one Mac to another,

    I have 2 MacBook Pro's both running Lion, one (17") has my iTunes library through an external hard drive.  I would like to move the iTunes library on the external hard drive to the other Mac, 13" also running Lion.  Can anyone help?

    Export it as a QuickTime movie.
    If you want to move it in an Editable format then you'll need to copy the Library that contains it over to the other machine.
    Regards
    TD

  • Move or copy iPhoto '11 slideshow from one Mac to another

    How do I move or copy a slideshow created on my iMac to my Macbook Pro

    Export it as a QuickTime movie.
    If you want to move it in an Editable format then you'll need to copy the Library that contains it over to the other machine.
    Regards
    TD

  • How do I move a Student and Teacher edition from one computer to another?

    I have looked in Help but there is no mention of de-activation and I did consult on Chat but they said go to the forums.

    There is no activation process with Lightroom. Once you have received your serial number for your student/teacher edition, you treat Lightroom the same as any other version. You install Lightroom on the other computer and use that serial number that begins with the digits 1160 to activate it. Don't try to download the creative cloud version and install it because you cannot activate it with a serial number.

  • How do you move adobe acrobat XI pro from one computer to another?

    how do you move adobe acrobat XI standard pro from one computer to another?

    Hi jeszamom,
    You'll need either the installation media (if you bought from a retailer), or a downloaded installer. If you don't have the CD, you can download Acrobat from this links in this document: Download Acrobat products | Standard, Pro | XI, X - Adobe.
    It's OK to keep it on the other computer; your license allows you to install it on up to two computers. But, if you'd like you can deactivate it on that old computer, which would free up that activation for use on yet another computer. Please see Activation & Deactivation Help - Adobe
    You'll need your serial number to activate on the new computer.
    Please let us know how it goes.
    Sara

  • Move Mail from one user to another user on same iMac?

    How do I move my Mail (library and preferences) from one user to another user on the same Imac? This way I want to split afterwards the mailaccounts that now sit in one user over the old and the new user by deleting those mailaccounts that I do not want to have in one or the other user account. Appreciate the help.

    How do I move my Mail (library and preferences) from one user to another user on the same Imac? This way I want to split afterwards the mailaccounts that now sit in one user over the old and the new user by deleting those mailaccounts that I do not want to have in one or the other user account. Appreciate the help.

  • Move node and its silings from one jtree to another

    Hi,
    I am trying to move JTree nodes and its siblings from one JTree to another. If anyone has the code, please post it on the website or mail to [email protected]
    Thanks
    Pavan

    Pavan,
    You may have to do a sanity check before adding it.
    Better run the program in a debugger and have a break point at the clipBoard.put() line. Else system.out.println() lines will kill enormouse programming time rather than using debugger.
    Also in following this thread, i found that you may have to be bit more thorough with the DefaultMutableTreeNode class first.
    Thanks,
    ananth
    Thomas,
    for (int p = 0; p < jtree.getSelectionCount(); p++) {
                   System.out.println(".3.......p= "+p);
    node =
    =
    (EuamDefaultMutableTreeNode)paths[p].getLastPathCompon
    nt();
                        clipBoard.put(node.toString(), node);
                   System.out.println(".4...........");
    Giving error at clipBoard.put()
    line....java.lang.NullPointerException
    ..Any idea why?
    Thanks.
    Pavan

  • How move apex from one server to another

    Hi All,
    I am just a beginner who has just started with APEX. Its strange but even though I am just a beginner I was given a task to move the current whole apex system from one server to another.
    Can any one help what the steps do I need to follow to do this?
    I also need to setup backup server to this new server so that in case this new server goes down, the backup one can be made productional.
    I think I should move apex first then move the whole database. Is there any tool or some thing which can do it for me?
    Thanks

    Hi,
    what you are being asked to do would be a complex task for an experienced DBA, which, judging by the way you have asked the questions, you are not, no offence intended.
    As far as I can see you have three options.
    1. Hire a consultant/contractor with the necessary skills to perform the tasks.
    2. Gain several years experience as an Oracle DBA, including Apex, backup and recovery and disaster recovery skills.
    3. Look for a new job.
    Sorry to sound facetious, but it is a ridiculous task you have been given assuming the skill and knowledge level you are coming from. Assuming you have not misrepresented yourself to your employer, this is not your fault and I think you need to seriously push back on your boss if possible.
    Regards
    Andre

Maybe you are looking for