cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
414
Views
5
Helpful
4
Replies

ASA Config To FirePower

zekebashi
Level 4
Level 4

Hello,

 

I'm working on a project to migrate several ASA 5510’s & 5520’s to FirePower 2100. I'm new to FirePower and need some guidance on the best way to migrate existing config files from the ASA 55X's to the FirePower 2100. I've reviewed the below doc but got a bit confused about the difference between configuring the FXOS vs the ASA. I was under the impression that migrating the config of one ASA to another was straight forward.

 

 

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/fp2100/asa-2100-gsg/getting-started.html

 

Thanks in advance,

~zK

4 Replies 4

Rahul Govindan
VIP Alumni
VIP Alumni

Are your planning to run ASA or Firepower Threat Defense (FTD) image on the Firepower 2100 chassis? IF you plan to use ASA, the config would be the same as what you have now, only your initial setup processes may vary. FXOS is just the underlying OS for the chassis on top of which ASA is installed as an application . Think of the ASA installed as an VM and the FXOS as a hypervisor. All the physical aspects of the chassis are controlled on the FXOS. 

 

IF you plan on using the FTD, you would have to convert the ASA configuration to FTD using the migration tool. As of today, this involves spinning up a separate Firepower Management Center (FMC) just for migration. Once you convert your ACLs, objects and NAT on the migration tool, you import the migrated output to your production FMC. More details are here:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_intro.html

Thanks, Rahul!

 

So, I simply want to run just the ASA image, will I need to do any type of configuration involving the FXOS?

 

Thanks, ~zK

As @Rahul Govindan mentioned, the initial installation of the ASA image and assignment of physical interfaces to the ASA is done via FX-OS.

 

Once you've done that, everything else is on the ASA itself using either ASDM or the cli.

Thank you! 

 

Best, zK 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card