cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
405
Views
0
Helpful
3
Replies

asa 5525-x , 5545-x and 5550

madonamadona
Level 1
Level 1

Dear all,

 

I am going to order 2 firewalls, as the pixes are really old and I am going to upgrade our feed to 2 Gb.

I thought about the asa 5525-x , 5545-x (with extra Six GE Optical SFP 1000BASE-SX) as the throughput would support the new bandwidth.

Can I use the " migration tool " to convert the config from the pixes ?, as the configuration is really long (we have over 150 VLans).

I know that it would work for the 5550, but what about the 5525-x and 5545-x with the extra Six GE Optical SFP 1000BASE-SX.

 

Many thanks in advance.

 

Madonamadona

3 Replies 3

I replied to this in your other post...but I will paste that reply here as well.

I am not sure if there is a tool for migrating the configuration from PIX to ASA8.3+  If there is, I have not come across it before.  I do know that if you are upgrading from 8.2 to a later version the ASA will migrate the commands itself...though I have had mixed results with this as there have been many duplicate entries.

I did come across this webpage that has a tool for migrating NAT rules...which might be useful.  I just did a couple small tests with it and it seems to work fine...though I am unsure how it will handle a large amount of rules.

http://www.tunnelsup.com/nat-converter

As for the VLANs you would need to create subinterfaces for that, and again, I am unaware of any tool that will do this for you.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

I agree that I am not aware of a tool to migrate from PIX to ASA5500X series which runs 9.x code. And my experience with the tool that did migration from PIX to ASA pre 8.3 code was that it did not work well for me. I pretty much wound up doing the migration manually.

 

The other part of the question was about whether to choose ASA5525X or ASA5545X vs ASA5550. My advice would be to choose one of the 5500X series. They will have more processing power than the equivalent ASA5500 model and they will support more features. Also the ASA5500X will run newer code (the ASA5550 is not supported in code past 9.1). I would have pointed out the issue of End of Life announcements for the ASA5550, but for someone who is still running PIX I guess that is not much of a concern.

 

HTH

 

Rick

HTH

Rick

MariusGunnerut  / Rick, many thanks for the useful information, that's great.

 

Madonamadona

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: