https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311717#M345697 <HTML><HEAD></HEAD><BODY><P>In addition to Julio's good advice, I would use the opportunity to clean up the access-lists. At 1500 lines there is very likely a fair amount of unused and incorrect entries. Since you were running Pix 525 with 7.0(4) I would guess that those firewalls were not given much "love".</P><P></P><P>You can use some tools such as Cisco Security Manager and SolarWinds Firewall Service Manager to import your Pix configuration and analyze access-lists for duplicate, shadowed and unused rules. Both of those products have trial versions that you could use to perform analysis of a single firewall.</P></BODY></HTML> Sun, 28 Jul 2013 15:06:04 GMT Marvin Rhoads 2013-07-28T15:06:04Z https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311715#M345694 <P>Hi ...</P><P></P><P>Please your advise and help ...</P><P>I have a cluster of PIX525 with 7.0(4), some days ago the Primary PIX failed and it was impossible to startup again.</P><P>The failover worked and the PIX Secondary worked ... but this Secondary has a fail and every day at 11:00 AM restart without apparent reason.</P><P></P><P>We bought a new ASA clusters,&nbsp; two 5525-X but this new firewalls have 8.6.1 software ...&nbsp; I know the migration between 7.0 and 8.6 its hard, I was trying but the configuration of this firewalls are very complex (at least 1500 lines access-lists).</P><P></P><P>I know about the differences in static, global, nat and access-list but I would like to have any cook book or quick reference manual to do this migration.</P><P></P><P>Is there any tool or suggestion to make this migration ?</P><P>I'll appreciate any help to do this ...</P><P></P><P>Thanks ...</P> Tue, 12 Mar 2019 02:18:00 GMT https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311715#M345694 guigonza 2019-03-12T02:18:00Z https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311716#M345696 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Yes, you have a lot of work to do <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN></P><P></P><P><A _jive_internal="true" href="https://community.cisco.com/docs/DOC-9129">https://supportforums.cisco.com/docs/DOC-9129</A></P><P><A _jive_internal="true" href="https://community.cisco.com/docs/DOC-12690">https://supportforums.cisco.com/docs/DOC-12690</A></P><P></P><P>My recommendation would be get familiar with the new configuration and then start working on it,</P><P></P><P><SPAN style="font-size: 10pt;"><SPAN>For Networking Posts check my blog at </SPAN><A class="jive-link-external-small" href="http://www.laguiadelnetworking.com/category/english/">http://www.laguiadelnetworking.com/category/english/</A><SPAN> </SPAN></SPAN></P><P> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura</P></BODY></HTML> Sun, 28 Jul 2013 06:44:56 GMT https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311716#M345696 Julio Carvajal 2013-07-28T06:44:56Z https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311717#M345697 <HTML><HEAD></HEAD><BODY><P>In addition to Julio's good advice, I would use the opportunity to clean up the access-lists. At 1500 lines there is very likely a fair amount of unused and incorrect entries. Since you were running Pix 525 with 7.0(4) I would guess that those firewalls were not given much "love".</P><P></P><P>You can use some tools such as Cisco Security Manager and SolarWinds Firewall Service Manager to import your Pix configuration and analyze access-lists for duplicate, shadowed and unused rules. Both of those products have trial versions that you could use to perform analysis of a single firewall.</P></BODY></HTML> Sun, 28 Jul 2013 15:06:04 GMT https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311717#M345697 Marvin Rhoads 2013-07-28T15:06:04Z https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311718#M345698 <HTML><HEAD></HEAD><BODY><P>Thanks Julio ...</P><P></P><P>I had checked the information in the links you sent.</P><P>I'll do the analysis for migration.</P><P></P><P>Guillo.</P></BODY></HTML> Sun, 28 Jul 2013 18:33:50 GMT https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311718#M345698 guigonza 2013-07-28T18:33:50Z https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311719#M345700 <HTML><HEAD></HEAD><BODY><P>Thanks Marvin ...</P><P></P><P>Good idea about Cisco Security Manager for analyze the configuration,&nbsp; I know this is a horrible configuration and it's no easy to clean it.</P><P></P><P>Guillo.</P></BODY></HTML> Sun, 28 Jul 2013 18:35:29 GMT https://community.cisco.com/t5/network-security/migration-pix525-7-0-4-to-asa5525-x-8-6-1/m-p/2311719#M345700 guigonza 2013-07-28T18:35:29Z