Hardware upgrade from ASA 5510 to ASA 5516-X

moThaSeb
Level 1

Hi,

 

We are migrating from a 5510 platform to a 5516-x platform. 

We tried the backup and restore feature of ASDM, which partially works.

This is because the interface names on the 5516-X are GigabitEthernet while they are Ethernet on the 5510. Hence a different cryptochecksum, leading to the ASDM restore feature not working on the 5516-X side.

This is the easiest method for us since there are many VPN, IPsec and certificate configs on those boxes.

Is there a method to change the running/startup config and recalculate the hash? I tried md5 hashes between the head and the tail of the config, but the output hash is different.

 

Thanks

1 Accepted Solution


Thanks Marvin for the suggestion. 

 

I exported all the certificates that the boxes use and for which there was a private key in PKCS12, while taking note of the associated trustpoint name. I then imported the certificates on the new boxes by creating new trustpoints with the same name. The same for CA certs.

I also exported the AnyConnect images and imported them as needed on the new boxes.

I then exported the show run using the command you suggested ("more system:running-config"). Rearranged some commands that were failing because some dependency commands were too low in the config.

The config looks similar right now.

Now it's time to test :)

Thanks again!

M S


2 Replies

Marvin Rhoads
Hall of Fame

As noted you cannot simply restore.

If you take the current running config by using the "more system:running-config" command you can extract everything including preshared keys. Certificates may need to be migrated over manually and/or possibly re-issued if they are bound to the current ASA's private key.

If you are working with a partner or Cisco SE you can potentially more easily migrate the configuration by asking them to use the internal Cisco migration tool.
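
The config preparation step discussed in this thread, as an added example that is not from the original posts or from Cisco: it rewrites 5510 interface names to 5516-X names in an exported config, drops the Cryptochecksum trailer, and lists the trustpoints that need certificates imported first. The port mapping, the function name `prepare_config` and the sample config are assumptions constructed for illustration.

```python
import re

# Assumed 5510 -> 5516-X port mapping; adjust it to the real cabling plan.
IFACE_MAP = {
    "Ethernet0/0": "GigabitEthernet1/1",
    "Ethernet0/1": "GigabitEthernet1/2",
    "Ethernet0/2": "GigabitEthernet1/3",
    "Ethernet0/3": "GigabitEthernet1/4",
    "Management0/0": "Management1/1",
}

# Constructed sample, not a real export.
SAMPLE = """\
interface Ethernet0/0
 nameif outside
!
interface Ethernet0/1.100
 nameif inside
!
failover lan interface folink Ethernet0/3
crypto ca trustpoint VPN-TP
 enrollment terminal
crypto map outside_map interface outside
Cryptochecksum:00000000000000000000000000000000
"""

def prepare_config(text, iface_map=IFACE_MAP):
    """Return (rewritten config, trustpoint names, unmapped interface stanzas)."""
    names = "|".join(re.escape(n) for n in iface_map)
    # Whole-token match so "Ethernet0/0" never hits inside "GigabitEthernet0/0";
    # a trailing subinterface suffix such as ".100" is left in place.
    token = re.compile(r"(?<![\w/])(" + names + r")(?![\w/])")
    out, trustpoints, unmapped = [], [], []
    for line in text.splitlines():
        if line.startswith("Cryptochecksum:"):
            continue  # device-generated trailer, not a command to paste
        tp = re.match(r"crypto ca trustpoint (\S+)", line)
        if tp and tp.group(1) not in trustpoints:
            trustpoints.append(tp.group(1))  # needs a matching PKCS12/CA import
        stanza = re.match(r"interface ([^\s.]+)", line)
        if stanza and stanza.group(1) not in iface_map:
            unmapped.append(stanza.group(1))  # review by hand
        out.append(token.sub(lambda m: iface_map[m.group(1)], line))
    return "\n".join(out) + "\n", trustpoints, unmapped

if __name__ == "__main__":
    config, tps, todo = prepare_config(SAMPLE)
    print(config, "trustpoints:", tps, "unmapped:", todo)
```

Creating the listed trustpoints and importing their certificates before pasting the rewritten config avoids commands failing on a missing trustpoint.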
