cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2153
Views
0
Helpful
26
Replies

Link to configuration convertor tool from PIX to ASA

m-abooali
Level 4
Level 4

                   Hi,

I have been looking unsuccessfully for the Cisco tool that take the PIX config an dconvert it to ASA (PIX 5125 to ASA 5520). I was wondering if I need that and if its a Yes, where I can find that Tool on the Cisco Site please?

Regards,

Masood

3 Accepted Solutions

Accepted Solutions

The fisrt one is state to be to the primary unit on the secondary you only need

failover
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover key *****
failover interface ip failover 192.168.55.1 255.255.255.0 standby 192.168.55.2

View solution in original post

Yes Massod you can upgrade from 8.2.5 to 8.4

View solution in original post

26 Replies 26

alejands
Level 1
Level 1

Hello,

That link is no longer available, what kind of version are you running on your pix?

Hi and thanks for responding.

version:

PIX Version 8.0 (4)

IOS on teh ASA was updated to : IOS on ASAs to version 843 and ASDM to version 647

and both ASAs have Active/Active Failover license.

So, I was wondering given the License I need to dio Active/Active Failoover scenario or just Active / Standby?

Also, it seems that I need to downgrade the ASA to 8.3 to be able to use the PIX 5125 configuration directly on teh ASA!?

I have a different thread running about one mont ago and above was what was advised to me.

I thought there was a conversion tool available!?

I have gone through theActive /Standby configuration but I am not sure how Active/Active setup will change my configuration that I have already written down for Active/Standby!?

Please advsie,

Regards,

Masood

On the ASA from 8.3 and later the NAT statements change.

You will need to downgrade your ASA to version 8.2.5 for it to take the configuration fine and then upgrade back to 8.4.

About Active/active, that is the license, you can configure active/stanby.

The active/active feature is for multiple context on ASA.

You can configure active/standby without any problem

Avout the link it was availabel but for some reason they took out the link.

Alejandro,

Thanks for getting back to me on this!

I though so as fro the Active/Active license and that being for multiple context mode as I had red about it but I wasn't sure and thanks so much for clarfying..!

So, all I need to watch for is to have the ASA downgraded to the 8.2.5 or may be 8.3 ? an dthen copy the current configs from teh PIX 512 in CLI and only then upgrade to 8.4 on the ASA.

question: the fact that PIX is 8.0 (4) version doesn't come ito play in transferring the configs over to teh ASA?

Regards,

Masood

Also,

downgrading ASA from 8.4 to 8.2.5 needs special proceedure? or just like any other IOS upgrade/downgrade?

Thanks,


Masood

Masood

let me do this for you, can you share the configuration and i can get you the converted configuration from PIX to ASA on version 8.2.5.

You just need to downgrade to 8.2.5 as any other upgrade procedure. Paste the config i will get you and perform the upgrade.

Thanks so much!

I have done PIX 515 E active/standby but  ASA, it was teh very frst yeat ASA hit the market that I did a job and it was Active/Standby but it has been a lotrs of years!?

Thanks,

Masood

you need to PIX config?

-m

Alejandro,

I cannot share the PIX config online, sorry! - client doesn't allow for that to happen and I am not dealing with private compnaies!.

I guess, I need to Failover configs (it uses private IPs anyway! for failover I mean!) to be done in CLI and as lomng as I can downgrade and past the PIX confiog and upgrade to 8.4, I should be alright based on what we have discussed so far!?

Please advise,

Regards,

Masood

I am sorry but one more question!?

As for the secondary or the standby ASA, what configs must go on that device when still standalone?

I understand that we need to insert the Active/Standby configs part for teh standby on it while still standalone. what else should go there before I connect the two and synchronization begine?

Regards,

Masood

Take a look at this link

http://www.wr-mem.com/?p=110

this can help you know wat configuration you need on the standby.

It is actually 4 to 5 commands on the standby unit

Thanks! that was helpful!

after I perfrom these steps I need to past the PIX 525 configs (without it failover part) and connect the cables betrween teh two (RJ 45 Ethernet cable) between teh faiilover interfaces.

it is after these steps that I nee dto upgrade the ASA to 8.4

One thoing though! in te document / config listed under that link you sent, there is a frist section configuration that it doesn't say what It is!?

below;

interface Ethernet0/0

nameif outside

security-level 0

ip address 172.22.1.252 255.255.255.0 standby 172.22.1.253

no shut

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.10.10.10 255.255.255.0 standby 10.10.10.11

no shut

!

interface Ethernet0/2

nameif dmz

security-level 50

ip address 192.168.60.1 255.255.255.0 standby 192.168.60.2

no shut interface Ethernet0/0
nameif outside
security-level 0
ip address 172.22.1.252 255.255.255.0 standby 172.22.1.253
no shut
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.10.10.10 255.255.255.0 standby 10.10.10.11
no shut
!
interface Ethernet0/2
nameif dmz
security-level 50
ip address 192.168.60.1 255.255.255.0 standby 192.168.60.2
no shut

So, I see, dmz and an Inside interfaces listed plus failover link failover Ethernet0/3 then why is the standby keyword is given to the Inside and teh DMZ inetrfaces?

Thanks,

Masood

The fisrt one is state to be to the primary unit on the secondary you only need

failover
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover key *****
failover interface ip failover 192.168.55.1 255.255.255.0 standby 192.168.55.2

THanks Alejandro,

just to re-cap teh steps needed:

1- I will downgrade the ASA freom 8.4 to 8.25

2- insert Failover configs on both devices (both as standalone)

3- paste PIX 525 configuration on to the Primary ASA (as standalone)

4- upgrade ASAs to 8.4 each at stanbdalone

5- connect cables and boot up primary

6- boot up secondary

all should be working!?

question: after pasting PIX 525 configuration, would all the current INterfaces configured and VLANs configured on teh PIX 525 including interfaces naming like fastethernet, Ethernet, etc. will stay the same?

Please advise,

Regards,

Masood

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: