해결됨: ASA 5510 (ver 8.2) to ASA 5516-X (ver 9.6) Migration

Sai · ‎11-19-2017

Dear Experts,

I am planning to ASA hardware migration from ASA 5510 (ver 8.2) to ASA5516-X (ver 9.6).

I would like to get your help/advise for my migration.

1) what is the best way of this migration fro 5510 ver 8.2 to ASA5516-X (ver 9.6)

2) Is there any better tools for NAT and ACL?

3) Is there any chart or link of different versions of NAT and ACL setup CLI command?, so that I can compare my current config to modify for new ver.

4) kindly provide your advise for this migration.

Thank you so much in advance.

Marvin Rhoads · ‎11-19-2017

The first step is to clean up and review your existing configuration. Make sure you understand what you have and what's necessary.

I have used the tools at tunnelsup.com to good end in doing both the cleanup and NAT conversion. I find their NAT conversion cleaner and more reliable than what's built into the parser that runs when doing an inline upgrade (something you don't have available since you are moving between platforms).

Your 5516-X will have different interface numbering than the 5510 so you will have a bit of work to do in changing the configuration to take that into account. There's not an easy shortcut for that as an end user.

if you're a partner or working with one, Cisco has an internal migration tool that can be used to prepare the new configuration offline. It's not a 100% substitute for a qualified and informed firewall engineer / admin but it is helpful for the larger configurations with lots of lines.

원본 게시물의 솔루션 보기

Marvin Rhoads · ‎11-19-2017

The first step is to clean up and review your existing configuration. Make sure you understand what you have and what's necessary.

I have used the tools at tunnelsup.com to good end in doing both the cleanup and NAT conversion. I find their NAT conversion cleaner and more reliable than what's built into the parser that runs when doing an inline upgrade (something you don't have available since you are moving between platforms).

Your 5516-X will have different interface numbering than the 5510 so you will have a bit of work to do in changing the configuration to take that into account. There's not an easy shortcut for that as an end user.

if you're a partner or working with one, Cisco has an internal migration tool that can be used to prepare the new configuration offline. It's not a 100% substitute for a qualified and informed firewall engineer / admin but it is helpful for the larger configurations with lots of lines.