Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
750
Views
0
Helpful
3
Replies

ASA 5585 migrate interfaces 1 Gi to Subinterfaces 10 Gi

Go to solution
jfigueroa8
Level 1
Level 1

‎05-18-2016 08:48 AM - edited ‎03-12-2019 12:45 AM

Good morning

Currently we have to ASA 5585-X in Fail-over (Acitve-Passive) mode, we have configured 4 interfaces for the DMZ zones, each one at 1 Giga, now we bought the Security Plus License to enable the 10 Giga interfaces.

The question is how I can migrate the configuration from my 4 interfaces at 1 Giga each to my interfaces at 10 Giga in a port-channel against our Nexus switches for our DMZ zones, the new interfaces at 10 Giga will be configured with subinterfaces, so the main idea is to migrate the current configuration from 4 physical interfaces to one port-channel in subinterfaces.

Thanks a lot for all your comments.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-18-2016 07:33 PM

You need to first copy the current configuration to a file. Separate out any access-lists, NAT rules and other configuration associated with the "nameifs" that you will be migrating. The reason is tthat your will have to remove the interface "nameif" which will delete those bits as well.

Then build the 10 Gbps subinterfaces and assign the desired nameifs on them. Finally reapply the bits you separated out already.

I'd finish up with a diff (I use and recommend the Examdiff tool from Prestosoft) of the before and after configuration to make sure you didn't miss anything.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-18-2016 07:33 PM

You need to first copy the current configuration to a file. Separate out any access-lists, NAT rules and other configuration associated with the "nameifs" that you will be migrating. The reason is tthat your will have to remove the interface "nameif" which will delete those bits as well.

Then build the 10 Gbps subinterfaces and assign the desired nameifs on them. Finally reapply the bits you separated out already.

I'd finish up with a diff (I use and recommend the Examdiff tool from Prestosoft) of the before and after configuration to make sure you didn't miss anything.

0 Helpful

Go to solution
jfigueroa8
Level 1
Level 1
In response to Marvin Rhoads

‎05-20-2016 08:51 AM

Thanks a lot for your answer Marvin

I will try this on my lab and as soon as I have result I'll be back.

0 Helpful

Go to solution
jfigueroa8
Level 1
Level 1
In response to Marvin Rhoads

‎06-02-2016 06:00 AM

Good morning Marvin

Thanks a lot for your answer, I test it and it work perfectly. But now I have another question:

Can you explain me the difference between a zone and a port-channel in the ASA, when I can use each one? Are they exclusive? Can I have a port-channel inside a zone or sub interfaces inside the zone? Can I have both working at the same time?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card