[c-nsp] FWSM IP migration
Jason Lixfeld
jason at lixfeld.ca
Mon Feb 4 18:17:53 EST 2008
Is the CSM client vlan 'gateway' entry for 10.11.11.0/24 pointing to
new_int or old_int? If old_int, what about setting it to new_int and
leaving the FWSM default gateway pointing to old_int?

If the CSM gateway is old_int, a change to new_int will likely affect
the existing connections too, but if you're asking for a way to
perform a routing policy change on a stateful firewall without there
being a hit of some sort, I don't know if that's a reasonable
expectation.

On 4-Feb-08, at 5:53 PM, Steve Wright wrote:
> Hey all,
>
> I'm currently planning an IP migration, and one of the issues I'm going to
> hit and I'm not sure of the way around it... traffic coming into new_int
> will get translated from 192.168.2.1 -> 10.10.10.1, however as the default
> route on the FWSM points out via old_int it won't get passed through as
> there will be no existing connection... if I change the default route, that
> will work for new connections inbound, but then break the existing outbound
> statements...
>
>
> 192.168.1.0/24            192.168.2.0/24
>       |                         |
>    Old_int                   new_int
>       |                         |
>  192.168.1.1               192.168.2.1
>       +------------+------------+
>                    |
>               10.10.10.1 (CSM VIP)
>                 /     \
>         10.11.11.1   10.11.11.2
>
> How would you go about doing this without it being a big hit changeover?
>
> Thanks for any advice/guidance,