cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
1145
Views
5
Helpful
8
Replies

Migrating from 5520 to 5525X

ross_rulz
Level 1
Level 1

Hi Guys,

Currently we have a Cisco 5520 ASA running 8.2.5 IOS and we want to upgrade to the new 5525-X ASA. We only have 512Mb RAM in our current ASA.

I've been reading alot of documentation on how to migrate from the 5520 to 5525-X but what I gather is the old ASA needs to be a minmum of 8.3 IOS.

But in order for use to get to 8.3 is we need to upgrade the RAM on the old ASA first then upgrade the IOS to 8.3 or 8.4 then migrate to the new 5525-X.

Would it be more practical for me to manually do cut and paste the config into the new ASA?

Thanks,

Ross.

8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

You can either:

a. prepare the configuration offline converting the NAT entries (and potentially ACL entries if you have any outside-in ACL)

b. just import everything but those (cut and paste from running-config or just load the running-config without those lines  in the new -X and tweak as necessary) and create those entries manually, or

c. rebuild on new platform piece by piece.

A lot depends on how much is in your current config.Look at the migration as an opportunity to understand and validate every bit of it.

The easiest way would be to copy the .cfg file onto flash of the new device and then "copy disk0:/ running-configuration".

You can catch errors if any while parsing your configuration & it definitely does save manual efforts of copy/paste.

Thanks.

We dont have any NAT rules so it looks like a simple cut and paste job then?

What image are you upgrading to on 5525-X? If 9.0 or higher you'll have to check on ACL migration.

9.x has support for Unified ACL for IPv4 and IPv6.

Yeah its 9.1 thats coming with the ASA-X

Yes, without NAT the job is pretty easy. Always doublecheck but definitely an easier migration.

If it's factory fresh it probably has 8.6 software. I'd recommend 9.0(2) or 9.1(2) as there a a few new features and many bug fixes in those releases.

You will probably need to activate your 3DES-AES license and add stong encryption to the ssl statement to properly manage the new ASA.Reference.

Please rate helpful replies.

Thanks for your help. Just one quick questions how do you activate your license for 3DES-AES encryption? Is it through TAC?

You're welcome. For the license you can go via TAC or via self-service portal here. (choose "Get New" then "IPS Crypto or Other license"

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: