Hi Vibhor,Thats the command I

Adam G · ‎10-10-2014

Hi,

I've read up a fair articles detailing how to migrate/upgrade from ASA 5510 to a 5525-X and attempted this today without much luck.

I have basically copied the existing config on the 5510, edited the Interface names to reflect that the 5525 has all GigabitEthernet ports, and applied to the new unit. Once the connections have swapped, everything works perfectly except for the Site-to-Site VPN's that we have configured.

I can only presume that its due to the Pre-Shared keys not coming over, or being applied somehow? Funnily enough, when setting up HA Active/Standby pre-deployment it would never copy the IKEv1/PSKs over to the secondary unit so I suspect thats the root cause. Any idea how I can get around this, or other techniques to try and get the new units online?

Many thanks,

Vibhor Amrodia · ‎10-10-2014

Hi,

You can try this command:-

more system:running-config and this will PSK's in clear text and manually copy it to the new ASA.

Thanks and Regards,

Vibhor Amrodia

Adam G · ‎10-11-2014

Hi Vibhor,

Thats the command I used initially to export the config out of the 5510 (otherwise it would just outputted a load of ****). PSK's were in clear-text, albeit encrypted hence why i'm wondering if its the encryption key that hasnt been applied correctly?

Thanks,

johnlloyd_13 · ‎10-11-2014

Hi,

Please post your 'show version' output. Make sure you've got the right licenses.

Marvin Rhoads · ‎10-11-2014

Do a side-by-side comparison using something like examdiff (free tool from Prestosoft). Make sure you accounted for all the commands migrated and places where the interface name was referenced.

ASA Migration // 5510 to 5525-X