06-22-2014 04:23 AM - edited 03-11-2019 09:21 PM
Dear all,
I am going to order 2 firewalls, as the pixes are really old and I am going to upgrade our feed to 2 Gb.
I thought about the asa 5525-x , 5545-x (with extra Six GE Optical SFP 1000BASE-SX) as the throughput would support the new bandwidth.
Can I use the " migration tool " to convert the config from the pixes ?, as the configuration is really long (we have over 150 VLans).
I know that it would work for the 5550, but what about the 5525-x and 5545-x with the extra Six GE Optical SFP 1000BASE-SX.
Many thanks in advance.
Madonamadona
06-22-2014 06:46 AM
I replied to this in your other post...but I will paste that reply here as well.
06-22-2014 10:22 AM
I agree that I am not aware of a tool to migrate from PIX to ASA5500X series which runs 9.x code. And my experience with the tool that did migration from PIX to ASA pre 8.3 code was that it did not work well for me. I pretty much wound up doing the migration manually.
The other part of the question was about whether to choose ASA5525X or ASA5545X vs ASA5550. My advice would be to choose one of the 5500X series. They will have more processing power than the equivalent ASA5500 model and they will support more features. Also the ASA5500X will run newer code (the ASA5550 is not supported in code past 9.1). I would have pointed out the issue of End of Life announcements for the ASA5550, but for someone who is still running PIX I guess that is not much of a concern.
HTH
Rick
06-22-2014 02:20 PM
MariusGunnerut / Rick, many thanks for the useful information, that's great.
Madonamadona
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
I am not sure if there is a tool for migrating the configuration from PIX to ASA8.3+ If there is, I have not come across it before. I do know that if you are upgrading from 8.2 to a later version the ASA will migrate the commands itself...though I have had mixed results with this as there have been many duplicate entries.
I did come across this webpage that has a tool for migrating NAT rules...which might be useful. I just did a couple small tests with it and it seems to work fine...though I am unsure how it will handle a large amount of rules.
http://www.tunnelsup.com/nat-converter
As for the VLANs you would need to create subinterfaces for that, and again, I am unaware of any tool that will do this for you.
--
Please remember to select a correct answer and rate helpful posts