ASA 8.3 Migration - Expanded Access list

shaucall46
Level 1

I have just upgraded an ASA5510 from 8.2 to 8.3 using migration tool.

All seemed to go well, still double checking the config as this is a bench test of upgrade prior to field upgrades.

Anyway one thing that is slightly frustrating is that the migration has expanded all of my access-lists, so we maybe had 10 lines of config relating to access-lists based on access-groups, now we have hundreds of lines.

On ASDM this is bad enough but on CLI with show run it's a bit of a bind.

Is there any way to un-expand the access list or do I simply delete and start again using my access groups.

Any thoughts appreciated

Paul

Accepted Solutions

Shrikant Sundaresh
Cisco Employee

Hi Paul,

That is expected behavior in the configuration conversion process.

Unfortunately, there is no way of automatically getting back the previous config.

You could edit the access-list part of your 8.2 config, to allow traffic to real IP, instead of translated IP, and add that configuration into the CLI.

However, this will involve some downtime, as you would have to delete the existing access-lists before doing that. You might also need to add/edit the object groups.

I would suggest making a backup of the current 8.3 config before doing this as well, just in case.

Hope this helps.

-Shrikant

P.S.: Please mark this question as answered if it has been resolved. Do rate helpful posts. Thanks.
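
An added example, not part of the original thread: a small Python helper that performs the edit described in the answer above on an 8.2 config, replacing translated addresses with real ones in ACL and object-group lines so the compact object-group form is kept. It assumes only one-to-one host `static (real_ifc,mapped_ifc) mapped_ip real_ip` entries; the sample config, addresses and function names are constructed for illustration.

```python
import re

# Constructed 8.2-style sample using documentation addresses (not from the thread).
SAMPLE_82 = """\
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.11 10.1.1.11 netmask 255.255.255.255
object-group network WEB_SERVERS
 network-object host 203.0.113.10
 network-object host 203.0.113.11
access-list OUTSIDE_IN extended permit tcp any object-group WEB_SERVERS eq www
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 22
access-list OUTSIDE_IN extended permit icmp any host 203.0.113.99
"""

STATIC_RE = re.compile(
    r"^static \(\S+,\S+\) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) "
    r"netmask 255\.255\.255\.255\b")
HOST_RE = re.compile(r"\bhost (\d+\.\d+\.\d+\.\d+)")
ACL_PREFIXES = ("access-list ", "object-group ", "network-object ")


def nat_map(config):
    """Map translated (mapped) IP -> real IP from one-to-one static NAT lines."""
    mapping = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line)
        if m:
            mapping[m.group(1)] = m.group(2)  # 8.2 order: mapped, then real
    return mapping


def rewrite_acls(config):
    """Return (ACL/object-group lines using real IPs, host IPs with no static NAT)."""
    mapping = nat_map(config)
    out, unmapped = [], []

    def swap(m):
        ip = m.group(1)
        if ip not in mapping:
            unmapped.append(ip)  # leave unchanged; needs manual review
        return "host " + mapping.get(ip, ip)

    for line in config.splitlines():
        if line.lstrip().startswith(ACL_PREFIXES):  # NAT lines are handled separately
            out.append(HOST_RE.sub(swap, line))
    return out, unmapped


if __name__ == "__main__":
    lines, todo = rewrite_acls(SAMPLE_82)
    print("\n".join(lines), "\nreview manually:", todo)
```

Addresses returned in the second list had no matching static entry, so check each one by hand before pasting the rewritten lines into the 8.3 CLI.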

Thanks

As this was a test bed for future upgrades to 8.3, I think I would much rather re-write the config on 8.3 than run through the migration tools and have unknowns.

Basically what I did here was rolled back my config to 8.2 and re-did the config as suggested.
