ASA Migration Problems

hellishglare · ‎03-07-2012

Hi,

I'm trying to migrate a configuration of an ASA 5520(Version: ASA 8.0(5)) to an ASA 5585 (Version: 8.4(2)). I keep getting some errors which are included below. I've been struggling with these for some copule of weeks and read the documentation on cisco.com (

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html) and also some pages on this forum. Some lines are written in bold of which I wasn't able to find any information about. Any help is appreciated. Thanks.

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201203062349.log'

Reading from flash...

!!!!!!!!!!!!!!!!!!!WARNING:

MIGRATION: NAT Exempt command is encountered in config.

Static NATs which overlap with NAT Exempt source are not migrated.

Please check migrated ACLs for accuracy.

WARNING: MIGRATION: Failed to create acl element to track during migration

*** Output from config line 1291, "access-group outside_acc..."

WARNING:

MIGRATION: NAT Exempt command is encountered in config.

Static NATs which overlap with NAT Exempt source are not migrated.

Please check migrated ACLs for accuracy.

*** Output from config line 1292, "access-group inside_acce..."

WARNING:

MIGRATION: NAT Exempt command is encountered in config.

Static NATs which overlap with NAT Exempt source are not migrated.

Please check migrated ACLs for accuracy.

*** Output from config line 1293, "access-group DMZ_access_..."

...

WARNING: MIGRATION: During migration of access-list <XXXXXXX> expanded

this object-group ACE

permit object-group DM_INLINE_SERVICE_5 XXX 255.255.255.0 DMZnet 255.255.255.0

...

WARNING: MIGRATION: Failed to create acl element to track during migration

*** Output from config line 1298, "access-group XXXXX..."

...

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 2

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 3

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 4

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 5

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 6

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 7

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 8

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 9

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 10

ERROR: MIGRATION: No memory to create migrated service-policy element

ERROR: Problem with interface 11

*** Output from config line 1797, "service-policy global-po..."

NAT migration logs:

The following 'nat' command didn't have a matching 'global' rule on interface 'dmz' and was not migrated.

nat (inside) 1 access-list inside_nat_outbound

...

WARNING: The following identity NAT was not migrated. If required, an appropriate bypass NAT rule needs to be added.

global (outside) 10 interface

nat (inside) 0 logserver 255.255.255.255

WARNING: The following identity NAT was not migrated. If required, an appropriate bypass NAT rule needs to be added.

nat (inside) 0 logserver 255.255.255.255

The following 'nat' command didn't have a matching 'global' rule on interface 'dmz' and was not migrated.

nat (inside) 1 icnetwork 255.255.0.0

...

ERROR: MIGRATION: No memory to create migrated service-policy element

The following 'nat' command didn't have a matching 'global' rule on interface 'TAV' and was not migrated.

nat (dmz) 1 access-list dmz_nat_outbound

...

INFO: NAT migration completed.

ERROR: an object-group with the same name (egitim) exist.

WARNING: Failed to create an object for name 'egitim' in the following ACL:

access-list DMZ_access_in extended permit tcp host 9.1.1.90 object-group egitim any