cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2172
Views
0
Helpful
3
Replies

how to migrate PIX Failover(Active/Standby) Pair to ASA on Firepower 2110

Lee.Jeongdae
Level 1
Level 1

I know how to migrate the PIX Failover(Active/Standby) Pair to ASA on Firepower2110  without interrupting traffic. 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

That cannot be done without traffic interruption. The new ASA pair will have new MAC addresses for the interfaces and there would be no way to transfer connection state table from the old to the new.

You would need to rebuild the configuration on the new ASA pair and then, during a scheduled outage, disconnect the Pix pair and connect the ASA pair.

It would be a short but unavoidable service interruption.

View solution in original post

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

That cannot be done without traffic interruption. The new ASA pair will have new MAC addresses for the interfaces and there would be no way to transfer connection state table from the old to the new.

You would need to rebuild the configuration on the new ASA pair and then, during a scheduled outage, disconnect the Pix pair and connect the ASA pair.

It would be a short but unavoidable service interruption.

Thank you for reply.

Is it not possible to set the MAC of the PIX interface to ASA as a virtual Mac?

Yes technically you could specify the MAC address instead of using the burned in address.

You'd still have the issue of not having any information about state of connections and flows (and any NAT xlates) existing in the Pix on the new ASAs. So those would need to be all re-established.

Since you have to have an outage due to the second bit in any case, why incur unnecessary technical debt in fiddling with MAC address.

Review Cisco Networking for a $25 gift card