06-16-2014 03:35 PM - edited 03-11-2019 09:20 PM
I have an old 5510 on ASA 8.2, ASDM 6.2.1.
I just purchased two ASA 5525-Xs. Can I take the configuration off the old one directly to the new ones, then configure failover? Or should I configure failover, etc. and then just bring the VPN / firewall rules, etc. over by themselves?
06-17-2014 12:37 AM
Hi,
It depends on the OS version which you use on the 5525X. Also, interface names might differ between the 5510 and the 5525X.
It is better to copy the configuration into Notepad and then make the configuration changes on the 5525X. If you are going to have an 8.3+ version, then your NAT/VPN syntax has some changes.
HTH
Regards
Karthik
06-17-2014 06:32 AM
I agree with Karthik - you should export the old configuration into a text editor and re-work it for the current syntax with respect to NAT and how you assign the physical interfaces.
Also if you have any access-lists on the outside interface they will now use the real IP address of the target host vs. the NATted public IP.
The command parser is capable of reading an old syntax configuration upon startup and converting it, but you cannot just paste the old syntax into a running appliance.
A migration like this is a good opportunity to clean up the old configuration and reinforce your understanding of all the functions and features you have configured in your firewall.
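Added example, not part of the thread or any poster's code: a small Python pass over an exported 8.2 configuration that lists the lines the replies above say need hand rework (interface names, pre-8.3 NAT statements, and ACL entries that still point at a NATted address instead of the real one). The sample configuration is constructed with documentation addresses, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample of an 8.2-style export (documentation addresses, not from the thread).
SAMPLE_82 = """\
interface Ethernet0/0
 nameif outside
interface Ethernet0/1
 nameif inside
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit tcp any host 203.0.113.99 eq 25
access-group outside_in in interface outside
"""

# 8.2 one-to-one static form: static (real_if,mapped_if) mapped_ip real_ip ...
# Port-redirection statics are not resolved here; they are still flagged as old NAT.
STATIC = re.compile(r"^static \((\S+?),(\S+?)\) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\b")
OLD_NAT = re.compile(r"^(static|nat|global) \(")
OLD_IF = re.compile(r"^interface Ethernet\d+/\d+")
HOST = re.compile(r"\bhost (\d+\.\d+\.\d+\.\d+)")

def audit(config):
    """Return (line_no, kind, note) findings for lines needing rework on 8.3+."""
    lines = config.splitlines()
    # Map each mapped (public) address to the real address behind it.
    mapped_to_real = {m.group(3): m.group(4) for m in map(STATIC.match, lines) if m}
    findings = []
    for no, line in enumerate(lines, 1):
        if OLD_IF.match(line):
            findings.append((no, "interface", "remap to the new appliance's port name"))
        elif OLD_NAT.match(line):
            findings.append((no, "nat", "pre-8.3 NAT syntax, rewrite by hand"))
        elif line.startswith("access-list "):
            for ip in HOST.findall(line):
                if ip in mapped_to_real:
                    findings.append(
                        (no, "acl", f"{ip} is a mapped address, use real {mapped_to_real[ip]}"))
    return findings

if __name__ == "__main__":
    for no, kind, note in audit(SAMPLE_82):
        print(f"line {no:>2} [{kind}] {note}")
```

An ACL entry whose host address has no matching static (line 9 of the sample) is left unflagged, so those still need a manual look.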