Currently we have a Cisco 5520 ASA running 8.2.5 IOS and we want to upgrade to the new 5525-X ASA. We only have 512Mb RAM in our current ASA.
I've been reading alot of documentation on how to migrate from the 5520 to 5525-X but what I gather is the old ASA needs to be a minmum of 8.3 IOS.
But in order for use to get to 8.3 is we need to upgrade the RAM on the old ASA first then upgrade the IOS to 8.3 or 8.4 then migrate to the new 5525-X.
Would it be more practical for me to manually do cut and paste the config into the new ASA?
You can either:
a. prepare the configuration offline converting the NAT entries (and potentially ACL entries if you have any outside-in ACL)
b. just import everything but those (cut and paste from running-config or just load the running-config without those lines in the new -X and tweak as necessary) and create those entries manually, or
c. rebuild on new platform piece by piece.
A lot depends on how much is in your current config.Look at the migration as an opportunity to understand and validate every bit of it.
The easiest way would be to copy the .cfg file onto flash of the new device and then "copy disk0:/
You can catch errors if any while parsing your configuration & it definitely does save manual efforts of copy/paste.
What image are you upgrading to on 5525-X? If 9.0 or higher you'll have to check on ACL migration.
9.x has support for Unified ACL for IPv4 and IPv6.
Yes, without NAT the job is pretty easy. Always doublecheck but definitely an easier migration.
If it's factory fresh it probably has 8.6 software. I'd recommend 9.0(2) or 9.1(2) as there a a few new features and many bug fixes in those releases.
You will probably need to activate your 3DES-AES license and add stong encryption to the ssl statement to properly manage the new ASA.Reference.
Please rate helpful replies.
You're welcome. For the license you can go via TAC or via self-service portal here. (choose "Get New" then "IPS Crypto or Other license"