Copy ASA 5520 Configuration to Another 5515

murilo.coutinho
Level 1

Hi All,

It's been a long time since I worked with the ASAs, but I have to replace a 5520 with a 5515.

 

The customer's current ASA is running version 9.1.(7)23 and the ASA 5515 doesn't support 9.1.7 and ASDM 7.1.5.

From what I can see there is not a "same image" that both ASAs support, so what is the best way to do it?

 

The existing config has certificates, so according to other threads I read it is best to use the backup command. However, the backup/restore is only available from version 9.3. The config also seems to have AnyConnect and apparently I can use the export command for it. How can I import it?

 

Thanks All.

 

So it doesn't look like I have an option but to copy and paste. Does anyone know if it works fine?

What I am thinking at this stage is to go with version 9.4.4 or 9.6.4 on the 5515. Hopefully no major differences.

 

2 Accepted Solutions


Marvin Rhoads
Hall of Fame

You can generally copy from the old one, edit in a text editor to account for interface numbering changes, hostname, boot and asdm variables and paste into the new firewall. I recommend using something like ExamDiff to check your editing work before and after.

If you're using an identity certificate for VPN it's generally better to get it reissued from the CA. If you export it intending to import to the new ASA, you need to have the private key as well as the certificate itself.

For the 5515-X I would recommend going with a more recent Cisco-recommended release. ASA 9.8(4)20 or 9.12(3)12 and ASDM 7.14(1)46.

The old config should be syntax-compatible with the few caveats I mentioned earlier.

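The copy, edit and compare workflow from the answer above, as an added Python example that is not part of any post in this thread. The interface mapping, hostnames and sample config are constructed, the image file names are placeholders, and the ***** check assumes the copy was taken from a display that masks secrets.

```python
import difflib
import re

# Constructed sample of an old-unit config; file names are placeholders.
OLD_CONFIG = """\
hostname old-asa5520
boot system disk0:/OLD-ASA-IMAGE.bin
asdm image disk0:/OLD-ASDM-IMAGE.bin
interface GigabitEthernet0/3
 nameif dmz
 security-level 50
interface Management0/0
 nameif mgmt
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key *****
"""

def migrate(old_text, if_map, new_hostname):
    """Return (new_lines, warnings) for the edited copy of the old config."""
    out, warnings = [], []
    for n, line in enumerate(old_text.splitlines(), 1):
        # boot and asdm variables name image files on the old unit: drop
        # them and set them by hand on the new firewall.
        if re.match(r"(boot system|asdm image)\s", line):
            continue
        if line.startswith("hostname "):
            line = "hostname " + new_hostname
        # Renumber physical interfaces, keeping any subinterface suffix.
        m = re.match(r"interface ([^\s.]+)(\.\d+)?$", line)
        if m and m.group(1) in if_map:
            line = "interface " + if_map[m.group(1)] + (m.group(2) or "")
        # A masked secret means the capture does not hold the real key.
        if re.search(r"\s\*{5}\s*$", line):
            warnings.append((n, line.strip()))
        out.append(line)
    return out, warnings

def review_diff(old_text, new_lines):
    """Unified diff of the original against the edited copy, for review."""
    return list(difflib.unified_diff(old_text.splitlines(), new_lines,
                                     "old-5520", "new-5515", lineterm=""))

if __name__ == "__main__":
    # Hypothetical interface mapping and hostname.
    new, warns = migrate(OLD_CONFIG, {"GigabitEthernet0/3": "GigabitEthernet0/5"}, "new-asa5515")
    print("\n".join(review_diff(OLD_CONFIG, new)))
    for n, text in warns:
        print(f"line {n}: masked secret, re-capture or re-enter: {text}")
```

Treat any capture that does contain the real pre-shared keys as a secret: keep it off shared drives and delete it once the new firewall is in service.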

As @Marvin Rhoads explained. I just want to point out that you said you have a certificate on your old firewall. Here, this document will help you export the identity certificate from your old firewall, and this cert can be imported into the new firewall.
One last thing: in order to take the config of the old unit, give the command

more system:running-config

This command will show you the password if there is a site-to-site VPN configured.

 

 

 

 


murilo.coutinho
Level 1
Thanks a lot.