cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


628
Views
5
Helpful
2
Replies
Beginner

Cisco ASA-5505 to ASA-5506X Upgrade Path?

I have several Cisco ASA-5505's all running 9.1(7). In order to move past TLSv1.0 and enable TLSv1.2 I need to be running at least 9.3(2). But I don't see that available as an ASA software upgrade. So I suspect I will need to replace these ASA's with ASA-5506X's. 

 

If I'm running at 9.1(7), can I restore the configs onto the new ASA-5506X's with little headache? I've read some threads where there were issues replacing the ASA's using the old configs. But these were cases where users were running older versions of the ASA software.

 

Any feedback would be appreciated!

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

Re: Cisco ASA-5505 to ASA-5506X Upgrade Path?

Your headache won't be severe, but you'll have some. You can't directly migrate your config because there are some differences. The most important are:

  • The interfaces are Gigabit instead of FastEthernet
  • The 5506-X doesn't use VLAN-interfaces and switchports, instead you can use BVI-interfaces
  • With BVIs, the way you apply your NAT and SSH/HTTP-rules change.
  • The SSL-commands for setting the ciphers have changed

The rest should be pretty much straightforward. I would directly migrate to the newest 9.8 interims-release when migrating the ASAs.

2 REPLIES 2
VIP Mentor

Re: Cisco ASA-5505 to ASA-5506X Upgrade Path?

Your headache won't be severe, but you'll have some. You can't directly migrate your config because there are some differences. The most important are:

  • The interfaces are Gigabit instead of FastEthernet
  • The 5506-X doesn't use VLAN-interfaces and switchports, instead you can use BVI-interfaces
  • With BVIs, the way you apply your NAT and SSH/HTTP-rules change.
  • The SSL-commands for setting the ciphers have changed

The rest should be pretty much straightforward. I would directly migrate to the newest 9.8 interims-release when migrating the ASAs.

Beginner

Re: Cisco ASA-5505 to ASA-5506X Upgrade Path?

I was able to dodge the bullet for now and don't have to immediately upgrade from our ASA-5505's. But when we do I'll definitely refer back to your helpful response. Thanks for the insight!