10-07-2014 12:13 PM - edited 03-11-2019 09:52 PM
We have just purchased an ASA 5515x that has version 9.1(3) installed. Our current ASA 5510 has version 8.0(4)39 installed. The current ASA also has a CSC-SSM 20 installed. We also had a 25 user Anyconnect license installed. I guess I am just looking for some ideas on getting the config from my current ASA to the new ASA 5515x. Included with the new ASA was a PAK for ASA 5515-x AVC & NGFW IPS for 1 year and a DVD for Cisco Prime security manager. Any Ideas?
10-07-2014 12:29 PM
Well I did a sh ver to see what I have purchased. Maybe someone can offer some guidance..
sh ver
Cisco Adaptive Security Appliance Software Version 9.1(3)
Device Manager Version 7.1(4)
Compiled on Mon 16-Sep-13 16:07 PDT by builders
System image file is "disk0:/asa913-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 mins 45 secs
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3058 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is f07f.0645.becf, irq 11
1: Ext: GigabitEthernet0/0 : address is f07f.0645.bed3, irq 10
2: Ext: GigabitEthernet0/1 : address is f07f.0645.bed0, irq 10
3: Ext: GigabitEthernet0/2 : address is f07f.0645.bed4, irq 5
4: Ext: GigabitEthernet0/3 : address is f07f.0645.bed1, irq 5
5: Ext: GigabitEthernet0/4 : address is f07f.0645.bed5, irq 10
6: Ext: GigabitEthernet0/5 : address is f07f.0645.bed2, irq 10
7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
10: Ext: Management0/0 : address is f07f.0645.becf, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.
Serial Number: FCH1832JPRD
Running Permanent Activation Key: 0x4d06fa64 0xb4e01d56 0x5563e1e0 0xf250d070 0
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa#
10-07-2014 06:00 PM
Hi,
The CSC module that you had working before would not be available on the ASA-X devices. Instead , you would have to configure the CX module for the same functionality and more.
You would have to enable this module and then configure it as per the policies on the CSC module.
Refer:-
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/cx/cx_qsg.html
It would be best to open a TAC case if possible.
Thanks and Regards,
Vibhor Amrodia
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide