Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
668
Views
0
Helpful
1
Replies

How to upgrade from ASA 5520 (8.2.5) to ASA 5545x

ksander
Level 1
Level 1

‎02-12-2013 07:10 AM - edited ‎03-11-2019 05:59 PM

Hi,

Due to increase of demands on our ASA cluster, we need to upgrade to a new cluster of 5545x. Our current config contains a lot of S2S & NAT so we're quite worried :-)

Thanks!

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎02-12-2013 08:05 AM

Hi,

Kinda special situation in a way.

It seems to me that you will either have to rewrite the configuration to the new 8.3+ format by hand OR use some ASA to automatically convert the configuration to the new format and then "drop" them to the new ASA5545 with possibly some minor changes.

The problem in this situation is that the ASA5545-X model doesnt support the 8.2 format configurations as it uses the new 8.6 at minimum.

Also, your current ASA5520 probably dont have enough RAM to update them first to a new software. So you probably can't even use one of them to first convert the configuration. (I guess you are talking about the Failover pair of ASA5520?)

So the options to my knowledge would be

  • Use some ASA firewall to first load the 8.2 format configurations and then boot it with new software and let the ASA convert the configurations
    • Migrate the configurations for ASA5545-X by hand on the basis of the current 8.2 configurations

    Downside to automatic conversion of the configurations is that you wont know how they work and the configurations might not be ideal/optimized.

    Good thing with writing the configurations yourself is that you learn the new format better and it will therefore be easier in the future.

    Biggest changes after 8.2 software (in 8.3 and beyond) have been

    • NAT configuration format
    • ACLs
    • Changes to VPN configurations (though with basic AnyConnect or IPsec Client/L2L configurations they arent that big)

    If you are wondering how some certain NAT would be configured in the new software you can give examples and I could try to provide you with sample configuration to convert your configurations.

    - Jouni

    0 Helpful
    Customers Also Viewed These Support Documents
    Review Cisco Networking for a $25 gift card