cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1504
Views
0
Helpful
3
Replies

Looking for advice on ASA for FirePower 2110 migration from 5515-X

John Whites
Level 1
Level 1

Greetings all.  We are looking to migrate an 5515-X ASA to ASA on FirePower 2110.  There are a few things that are different and I was wondering if anyone had any suggestions on things that have been causing me issues.

 

It was suggested that I could just assign interfaces in FX-OS to the virtualized ASA and then restore the backup that I took on the 5515 to the new ASA using ASDM.  I have ran into issues with this and I think part of it is because the ASA on firepower has different interfaces than the 5515-X (gig0/0 compared to ethernet1/1).  How would I go about resolving those kind of issues or is there a migration tool (again this is the actual ASA running on the firepower box, not FTD). 

 

My other question is in regards to the failover configuration.  I believe I need to take a backup of both the primary and secondary devices nad restore their configs seperately to each device.  I think the failover config itself is not included in the backup?  I'm wondering if I need to set that up beforehand on the new devices.  The other question I had is before i do the restore on the 2110 virtualized ASA should I make the management interface configuration match what's on the 5515-X?

 

 

3 Replies 3

Sergey Lisitsin
VIP Alumni
VIP Alumni

John,

 

There is no migration tool for ASA to ASA code migrations. You will have to take config backup in text mode and manually tweak it with regards to the interface names. Unfortunately there is no automated way to do it. The migration tool only works to convert ASA configuration to FTD policy file which can then be uploaded to FMC.

Are there any caveats with that as far as VPN preshared keys?  I'm unclear if the running or startup config has those or if i need to do something special

You can view the pre-shared keys using command "more system:/running-config"

It will show you all the keys in decrypted format. As opposed to if you view them using "show run" command they will all be displayed as asterisks.

Review Cisco Networking for a $25 gift card