Migrating an ASA 5510 to a 5515x

ethutchinson · ‎10-07-2014

We have just purchased an ASA 5515x that has version 9.1(3) installed. Our current ASA 5510 has version 8.0(4)39 installed. The current ASA also has a CSC-SSM 20 installed. We also had a 25 user Anyconnect license installed. I guess I am just looking for some ideas on getting the config from my current ASA to the new ASA 5515x. Included with the new ASA was a PAK for ASA 5515-x AVC & NGFW IPS for 1 year and a DVD for Cisco Prime security manager. Any Ideas?

ethutchinson · ‎10-07-2014

Well I did a sh ver to see what I have purchased. Maybe someone can offer some guidance..

sh ver

Cisco Adaptive Security Appliance Software Version 9.1(3)

Device Manager Version 7.1(4)

Compiled on Mon 16-Sep-13 16:07 PDT by builders

System image file is "disk0:/asa913-smp-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 3 mins 45 secs

Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3058 MHz, 1 CPU (4 cores)

ASA: 4096 MB RAM, 1 CPU (1 core)

Internal ATA Compact Flash, 8192MB

BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)

Boot microcode : CNPx-MC-BOOT-2.00

SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020

IPSec microcode : CNPx-MC-IPSEC-MAIN-0026

Number of accelerators: 1

Baseboard Management Controller (revision 0x1) Firmware Version: 2.4

0: Int: Internal-Data0/0 : address is f07f.0645.becf, irq 11

1: Ext: GigabitEthernet0/0 : address is f07f.0645.bed3, irq 10

2: Ext: GigabitEthernet0/1 : address is f07f.0645.bed0, irq 10

3: Ext: GigabitEthernet0/2 : address is f07f.0645.bed4, irq 5

4: Ext: GigabitEthernet0/3 : address is f07f.0645.bed1, irq 5

5: Ext: GigabitEthernet0/4 : address is f07f.0645.bed5, irq 10

6: Ext: GigabitEthernet0/5 : address is f07f.0645.bed2, irq 10

7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0

8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0

9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0

10: Ext: Management0/0 : address is f07f.0645.becf, irq 0

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited perpetual

Maximum VLANs : 100 perpetual

Inside Hosts : Unlimited perpetual

Failover : Active/Active perpetual

Encryption-DES : Enabled perpetual

Encryption-3DES-AES : Enabled perpetual

Security Contexts : 2 perpetual

GTP/GPRS : Disabled perpetual

AnyConnect Premium Peers : 2 perpetual

AnyConnect Essentials : 250 perpetual

Other VPN Peers : 250 perpetual

Total VPN Peers : 250 perpetual

Shared License : Disabled perpetual

AnyConnect for Mobile : Enabled perpetual

AnyConnect for Cisco VPN Phone : Disabled perpetual

Advanced Endpoint Assessment : Disabled perpetual

UC Phone Proxy Sessions : 2 perpetual

Total UC Proxy Sessions : 2 perpetual

Botnet Traffic Filter : Disabled perpetual

Intercompany Media Engine : Disabled perpetual

IPS Module : Disabled perpetual

Cluster : Disabled perpetual

This platform has an ASA 5515 Security Plus license.

Serial Number: FCH1832JPRD

Running Permanent Activation Key: 0x4d06fa64 0xb4e01d56 0x5563e1e0 0xf250d070 0

Configuration register is 0x1

Configuration has not been modified since last system restart.

ciscoasa#

Vibhor Amrodia · ‎10-07-2014

Hi,

The CSC module that you had working before would not be available on the ASA-X devices. Instead , you would have to configure the CX module for the same functionality and more.

You would have to enable this module and then configure it as per the policies on the CSC module.

Refer:-

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/cx/cx_qsg.html

It would be best to open a TAC case if possible.

Thanks and Regards,

Vibhor Amrodia