cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1051
Views
5
Helpful
2
Replies

Cisco ASA-5505 to ASA-5506X Upgrade Path?

greg.kujawa
Level 1
Level 1

I have several Cisco ASA-5505's all running 9.1(7). In order to move past TLSv1.0 and enable TLSv1.2 I need to be running at least 9.3(2). But I don't see that available as an ASA software upgrade. So I suspect I will need to replace these ASA's with ASA-5506X's. 

 

If I'm running at 9.1(7), can I restore the configs onto the new ASA-5506X's with little headache? I've read some threads where there were issues replacing the ASA's using the old configs. But these were cases where users were running older versions of the ASA software.

 

Any feedback would be appreciated!

1 Accepted Solution

Accepted Solutions

Your headache won't be severe, but you'll have some. You can't directly migrate your config because there are some differences. The most important are:

  • The interfaces are Gigabit instead of FastEthernet
  • The 5506-X doesn't use VLAN-interfaces and switchports, instead you can use BVI-interfaces
  • With BVIs, the way you apply your NAT and SSH/HTTP-rules change.
  • The SSL-commands for setting the ciphers have changed

The rest should be pretty much straightforward. I would directly migrate to the newest 9.8 interims-release when migrating the ASAs.

View solution in original post

2 Replies 2

Your headache won't be severe, but you'll have some. You can't directly migrate your config because there are some differences. The most important are:

  • The interfaces are Gigabit instead of FastEthernet
  • The 5506-X doesn't use VLAN-interfaces and switchports, instead you can use BVI-interfaces
  • With BVIs, the way you apply your NAT and SSH/HTTP-rules change.
  • The SSL-commands for setting the ciphers have changed

The rest should be pretty much straightforward. I would directly migrate to the newest 9.8 interims-release when migrating the ASAs.

I was able to dodge the bullet for now and don't have to immediately upgrade from our ASA-5505's. But when we do I'll definitely refer back to your helpful response. Thanks for the insight!

Review Cisco Networking for a $25 gift card