Re: asa ASA5525 running configurations

SS2020 · ‎05-18-2023

Hello All,

I have two ASA ASA5525 configured as HA and i need to replace the hardware to latest cisco ASA

FPR1120-ASA-K9

I was just wondering if there is way i could convert current running configurations to the new firewall without spending lots of time.

Note: this is like for like just hardware change nothing else.

and is there a command that i can get all running configs without any spaces or missing info please?

What is the easiest way to do it please?

I do not want to miss any ACLs during the migrations.

Many Thank you.

Regards,

Star

MHM Cisco World · ‎05-18-2023

Rob Ingram · ‎05-18-2023

@SS2020 unfortunately the Cisco Firepower Migration Tool is for ASA to FTD migrations, not ASA to ASA on different hardware.

You can mostly copy and paste the configuration, you may need to modify any interface numbers which might be slightly different.

If you have Site-to-Site VPNs with PSK, then use - "more system://running-config" to reveal the PSK in cleartext.

If using any certificate, either export and import or create new CSR on the new hardware and get the certificate signed.

Be aware newer ASA versions have depcreciated older weak crypto algorithms, so you should review the crypto settings (if applicable) and reconfigure.

SS2020 · ‎05-20-2023

Hello Rob,

thank you for the info.

do I need to request a new certificate? Yes I do have site to site configuration

Rob Ingram · ‎05-20-2023

@SS2020 up to you, you can either export and import the current certificate or create a new certificate.