Solved: Based on the below table:

nick.szilagyi · ‎09-13-2016

Hi all,

I have a 5510 I need to migrate the configuration over to a 5512-X. My main concern here is that there may be a fundamental difference in the code releases, specifically NAT configuration changes between different code releases.

The 5510 is currently on 8.4(3), and the 5512-X will be on the latest stable release, which I believe is 9.4.3. (It's brand new, so will have default config on ios currently).

Will there be any issues with copying the config over based on the above IOS versions?

Many thanks,
Nick

Marvin Rhoads · ‎09-13-2016

The table you posted is for inline upgrade. The intermediate step is only required in such a case because of some changes in how the disk file system works.

Rules will not need to be re-built. However, your 5510 interface numbering is different than the 5512-X.

The 5510 uses "Ethernet 0/0" etc. (2 Gigabit interfaces available only with Security Plus license) while the 5512-X uses "GigabitEthernet0/0" etc.

So you would copy off the configuration from the old ASA (being careful to capture any pre-shared keys, certificates, AnyConnect images, VPN profile files, clientless SSL VPN customization etc.), edit the configuration file to reflect the new interface designations, update references to the ASA boot file and ASDM image file, and then copy it onto the new ASA.

View solution in original post

nick.szilagyi · ‎09-13-2016

Based on the below table: http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#37856

Current ASA Version	First Upgrade to:	Then Upgrade to:
8.2(x) and earlier	8.4(5)	9.1(3) or later
8.3(x)	8.4(5)	9.1(3) or later
8.4(1) through 8.4(4)	8.4(5) or 9.0(4)	9.1(3) or later

This is suggesting I upgrade the existing ASA to 8.4(5) and then to 9.1(3). I am however, not able to convert the existing 5510 ASA to 8.4.(5) as it is in a production environment.

Will I need to build the rules from the ground up?

thanks

pradypan · ‎09-13-2016

Hi Nick,

The major changes with NAT rules and ACL comes between pre 8.3. and post 8.3.

Since you are already running on version 8.4.3, there would not be any changes related to NAT rules for which you are concerned.

Regards

Pradyumna

nick.szilagyi · ‎09-14-2016

Thank you Pradyumna

Marvin Rhoads · ‎09-13-2016

The table you posted is for inline upgrade. The intermediate step is only required in such a case because of some changes in how the disk file system works.

Rules will not need to be re-built. However, your 5510 interface numbering is different than the 5512-X.

The 5510 uses "Ethernet 0/0" etc. (2 Gigabit interfaces available only with Security Plus license) while the 5512-X uses "GigabitEthernet0/0" etc.

So you would copy off the configuration from the old ASA (being careful to capture any pre-shared keys, certificates, AnyConnect images, VPN profile files, clientless SSL VPN customization etc.), edit the configuration file to reflect the new interface designations, update references to the ASA boot file and ASDM image file, and then copy it onto the new ASA.

nick.szilagyi · ‎09-14-2016

Top stuff, thanks Marvin.

This was pretty much exactly what I was looking for.

Marvin Rhoads · ‎09-14-2016

You're welcome. Please mark your question as answered if it has been.

Migrating config from 5510 8.4(3) to 5512-X (9.4.3) -