10-10-2014 11:53 PM - edited 03-11-2019 09:54 PM
Hi,
I've read up a fair articles detailing how to migrate/upgrade from ASA 5510 to a 5525-X and attempted this today without much luck.
I have basically copied the existing config on the 5510, edited the Interface names to reflect that the 5525 has all GigabitEthernet ports, and applied to the new unit. Once the connections have swapped, everything works perfectly except for the Site-to-Site VPN's that we have configured.
I can only presume that its due to the Pre-Shared keys not coming over, or being applied somehow? Funnily enough, when setting up HA Active/Standby pre-deployment it would never copy the IKEv1/PSKs over to the secondary unit so I suspect thats the root cause. Any idea how I can get around this, or other techniques to try and get the new units online?
Many thanks,
10-10-2014 11:58 PM
Hi,
You can try this command:-
more system:running-config and this will PSK's in clear text and manually copy it to the new ASA.
Thanks and Regards,
Vibhor Amrodia
10-11-2014 12:09 AM
Hi Vibhor,
Thats the command I used initially to export the config out of the 5510 (otherwise it would just outputted a load of ****). PSK's were in clear-text, albeit encrypted hence why i'm wondering if its the encryption key that hasnt been applied correctly?
Thanks,
10-11-2014 12:36 AM
Hi,
Please post your 'show version' output. Make sure you've got the right licenses.
10-11-2014 09:12 AM
Do a side-by-side comparison using something like examdiff (free tool from Prestosoft). Make sure you accounted for all the commands migrated and places where the interface name was referenced.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide