cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1510
Views
5
Helpful
4
Replies

Replace ESA C170 with C170 in the SMA

REJR77
Level 1
Level 1

Hi,

 

We need to replace old C160 appliances with C170. (the replacement procedure is quite clear)

But what do we have to do on the SMA? Does the SMA detect the new appliances or do we have to reconfigure it completely with the new C170?

Thank you

 

1 Accepted Solution

Accepted Solutions

Mathew Huynh
Cisco Employee
Cisco Employee

Hey,

 

Keep in mind if you're doing a direct replacement in the sense that the new C170 will take over the entire configuration of the old. the SMA will break with connection to the IP even if it's the same because the hostkey will have changed.

 

So ensure that if you are doing a direct replacement.

On the SMA log into the CLI (command line)

CLI > logconfig > hostkeyconfig > remove the old ESA's hostkey

Then

'scan' -> the new ESA hostkeys (it'll be the same IP if direct replacement)

Once done press enter 2x

 

Commit


Regards,

Matthew

View solution in original post

4 Replies 4

No, the SMA doesn't have any clue...

So, as you stand up each C170, add it to the SMA as a new security appliance.

 

Mathew Huynh
Cisco Employee
Cisco Employee

Hey,

 

Keep in mind if you're doing a direct replacement in the sense that the new C170 will take over the entire configuration of the old. the SMA will break with connection to the IP even if it's the same because the hostkey will have changed.

 

So ensure that if you are doing a direct replacement.

On the SMA log into the CLI (command line)

CLI > logconfig > hostkeyconfig > remove the old ESA's hostkey

Then

'scan' -> the new ESA hostkeys (it'll be the same IP if direct replacement)

Once done press enter 2x

 

Commit


Regards,

Matthew

REJR77
Level 1
Level 1

Hi,

Works perfectly. Just have to reboot the new C170 appliance becasue the SMA was not able to SSH when "scan".

Thanks

Hey Romain,

Glad to hear.

Regards,

matthew