07-02-2012 12:50 PM - edited 03-11-2019 04:25 PM
Hi,
I have been looking unsuccessfully for the Cisco tool that take the PIX config an dconvert it to ASA (PIX 5125 to ASA 5520). I was wondering if I need that and if its a Yes, where I can find that Tool on the Cisco Site please?
Regards,
Masood
Solved! Go to Solution.
07-03-2012 08:16 AM
The fisrt one is state to be to the primary unit on the secondary you only need
failover
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover key *****
failover interface ip failover 192.168.55.1 255.255.255.0 standby 192.168.55.2
07-03-2012 10:46 AM
Exactly
07-03-2012 11:47 AM
Yes Massod you can upgrade from 8.2.5 to 8.4
07-02-2012 01:16 PM
Hello,
That link is no longer available, what kind of version are you running on your pix?
07-02-2012 01:35 PM
Hi and thanks for responding.
version:
PIX Version 8.0 (4)
IOS on teh ASA was updated to : IOS on ASAs to version 843 and ASDM to version 647
and both ASAs have Active/Active Failover license.
So, I was wondering given the License I need to dio Active/Active Failoover scenario or just Active / Standby?
Also, it seems that I need to downgrade the ASA to 8.3 to be able to use the PIX 5125 configuration directly on teh ASA!?
I have a different thread running about one mont ago and above was what was advised to me.
I thought there was a conversion tool available!?
I have gone through theActive /Standby configuration but I am not sure how Active/Active setup will change my configuration that I have already written down for Active/Standby!?
Please advsie,
Regards,
Masood
07-02-2012 02:21 PM
On the ASA from 8.3 and later the NAT statements change.
You will need to downgrade your ASA to version 8.2.5 for it to take the configuration fine and then upgrade back to 8.4.
About Active/active, that is the license, you can configure active/stanby.
The active/active feature is for multiple context on ASA.
You can configure active/standby without any problem
Avout the link it was availabel but for some reason they took out the link.
07-03-2012 07:12 AM
Alejandro,
Thanks for getting back to me on this!
I though so as fro the Active/Active license and that being for multiple context mode as I had red about it but I wasn't sure and thanks so much for clarfying..!
So, all I need to watch for is to have the ASA downgraded to the 8.2.5 or may be 8.3 ? an dthen copy the current configs from teh PIX 512 in CLI and only then upgrade to 8.4 on the ASA.
question: the fact that PIX is 8.0 (4) version doesn't come ito play in transferring the configs over to teh ASA?
Regards,
Masood
07-03-2012 07:14 AM
Also,
downgrading ASA from 8.4 to 8.2.5 needs special proceedure? or just like any other IOS upgrade/downgrade?
Thanks,
Masood
07-03-2012 07:20 AM
Masood
let me do this for you, can you share the configuration and i can get you the converted configuration from PIX to ASA on version 8.2.5.
You just need to downgrade to 8.2.5 as any other upgrade procedure. Paste the config i will get you and perform the upgrade.
07-03-2012 07:24 AM
Thanks so much!
I have done PIX 515 E active/standby but ASA, it was teh very frst yeat ASA hit the market that I did a job and it was Active/Standby but it has been a lotrs of years!?
Thanks,
Masood
07-03-2012 07:24 AM
you need to PIX config?
-m
07-03-2012 07:55 AM
Alejandro,
I cannot share the PIX config online, sorry! - client doesn't allow for that to happen and I am not dealing with private compnaies!.
I guess, I need to Failover configs (it uses private IPs anyway! for failover I mean!) to be done in CLI and as lomng as I can downgrade and past the PIX confiog and upgrade to 8.4, I should be alright based on what we have discussed so far!?
Please advise,
Regards,
Masood
07-03-2012 07:22 AM
I am sorry but one more question!?
As for the secondary or the standby ASA, what configs must go on that device when still standalone?
I understand that we need to insert the Active/Standby configs part for teh standby on it while still standalone. what else should go there before I connect the two and synchronization begine?
Regards,
Masood
07-03-2012 07:57 AM
Take a look at this link
this can help you know wat configuration you need on the standby.
It is actually 4 to 5 commands on the standby unit
07-03-2012 08:10 AM
Thanks! that was helpful!
after I perfrom these steps I need to past the PIX 525 configs (without it failover part) and connect the cables betrween teh two (RJ 45 Ethernet cable) between teh faiilover interfaces.
it is after these steps that I nee dto upgrade the ASA to 8.4
One thoing though! in te document / config listed under that link you sent, there is a frist section configuration that it doesn't say what It is!?
below;
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.22.1.252 255.255.255.0 standby 172.22.1.253
no shut
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.10.10.10 255.255.255.0 standby 10.10.10.11
no shut
!
interface Ethernet0/2
nameif dmz
security-level 50
ip address 192.168.60.1 255.255.255.0 standby 192.168.60.2
no shut interface Ethernet0/0
nameif outside
security-level 0
ip address 172.22.1.252 255.255.255.0 standby 172.22.1.253
no shut
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.10.10.10 255.255.255.0 standby 10.10.10.11
no shut
!
interface Ethernet0/2
nameif dmz
security-level 50
ip address 192.168.60.1 255.255.255.0 standby 192.168.60.2
no shut
So, I see, dmz and an Inside interfaces listed plus failover link failover Ethernet0/3 then why is the standby keyword is given to the Inside and teh DMZ inetrfaces?
Thanks,
Masood
07-03-2012 08:16 AM
The fisrt one is state to be to the primary unit on the secondary you only need
failover
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover key *****
failover interface ip failover 192.168.55.1 255.255.255.0 standby 192.168.55.2
07-03-2012 10:18 AM
THanks Alejandro,
just to re-cap teh steps needed:
1- I will downgrade the ASA freom 8.4 to 8.25
2- insert Failover configs on both devices (both as standalone)
3- paste PIX 525 configuration on to the Primary ASA (as standalone)
4- upgrade ASAs to 8.4 each at stanbdalone
5- connect cables and boot up primary
6- boot up secondary
all should be working!?
question: after pasting PIX 525 configuration, would all the current INterfaces configured and VLANs configured on teh PIX 525 including interfaces naming like fastethernet, Ethernet, etc. will stay the same?
Please advise,
Regards,
Masood
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide