ā07-31-2013 07:24 PM - edited ā03-11-2019 07:19 PM
Hi Guys,
Currently we have a Cisco 5520 ASA running 8.2.5 IOS and we want to upgrade to the new 5525-X ASA. We only have 512Mb RAM in our current ASA.
I've been reading alot of documentation on how to migrate from the 5520 to 5525-X but what I gather is the old ASA needs to be a minmum of 8.3 IOS.
But in order for use to get to 8.3 is we need to upgrade the RAM on the old ASA first then upgrade the IOS to 8.3 or 8.4 then migrate to the new 5525-X.
Would it be more practical for me to manually do cut and paste the config into the new ASA?
Thanks,
Ross.
ā07-31-2013 09:35 PM
You can either:
a. prepare the configuration offline converting the NAT entries (and potentially ACL entries if you have any outside-in ACL)
b. just import everything but those (cut and paste from running-config or just load the running-config without those lines in the new -X and tweak as necessary) and create those entries manually, or
c. rebuild on new platform piece by piece.
A lot depends on how much is in your current config.Look at the migration as an opportunity to understand and validate every bit of it.
ā07-31-2013 09:46 PM
The easiest way would be to copy the .cfg file onto flash of the new device and then "copy disk0:/
You can catch errors if any while parsing your configuration & it definitely does save manual efforts of copy/paste.
ā07-31-2013 09:46 PM
Thanks.
We dont have any NAT rules so it looks like a simple cut and paste job then?
ā07-31-2013 09:50 PM
What image are you upgrading to on 5525-X? If 9.0 or higher you'll have to check on ACL migration.
9.x has support for Unified ACL for IPv4 and IPv6.
ā07-31-2013 09:56 PM
Yeah its 9.1 thats coming with the ASA-X
ā07-31-2013 09:51 PM
Yes, without NAT the job is pretty easy. Always doublecheck but definitely an easier migration.
If it's factory fresh it probably has 8.6 software. I'd recommend 9.0(2) or 9.1(2) as there a a few new features and many bug fixes in those releases.
You will probably need to activate your 3DES-AES license and add stong encryption to the ssl statement to properly manage the new ASA.Reference.
Please rate helpful replies.
ā07-31-2013 09:59 PM
Thanks for your help. Just one quick questions how do you activate your license for 3DES-AES encryption? Is it through TAC?
ā07-31-2013 10:05 PM
You're welcome. For the license you can go via TAC or via self-service portal here. (choose "Get New" then "IPS Crypto or Other license"
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: