Solved: Migrating ASA 5505 to 5506-X

Abhradeep.Banerjee · ‎10-23-2015

Hi I am finding trouble migrating 5505 to 5506-X.

I have pasted the config that I have changed.

The only statement that doesn't go thru is :

route outside 0.0.0.0 0.0.0.0 27.X.X.X8 1

old config: ASA 8.4.2

interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.2 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 27.X.X.X8 255.255.255.240

route outside 0.0.0.0 0.0.0.0 27.X.X.X8 1

New Config: ASA 9.5.1

interface GigabitEthernet1/1
nameif inside
security-level 100
ip address 10.X.X.X 255.255.255.0
!
interface GigabitEthernet1/2
nameif outside
security-level 0
ip address 27.X.X.X8 255.255.255.240

Aastha Bhardwaj · ‎10-23-2015

HI,

The command should work without any issues until and unless:

++You have a setroute on any other interface

++Also I see outside interface has ip : 27.X.X.X8 255.255.255.240 and the route that you are configuring is route outside 0.0.0.0 0.0.0.0 27.X.X.X8 1 , make sure it is the next hop and not the outside interface itself.

++Run a "show route" and check if you have any other default route with same metric.

Regards,

Aastha

Rate if that helps!!!

View solution in original post

Rishabh Seth · ‎10-23-2015

Hi Abhradeep,

What is the error that you get while applying the route configuration on 5506.

You can check if there is some interface configured to get IP dynamically with setroute keyword, this would result in installation of default route.

You can check show route output and check if there is any default route present. In case you see it, you can remove the route the static route, if it is manually configured or you can remove the setroute keyword from interface, if the route is dynamically learnt.

Share your findings.

Thanks,

R.Seth

Abhradeep.Banerjee · ‎10-23-2015

think ill recreate the problem on GNS3. its something like ip address already being used.

You can check if there is some interface configured to get IP dynamically with setroute keyword, this would result in installation of default route. (this hasnt been set)

Abhradeep.Banerjee · ‎11-10-2015

hi,

Managed to solve the problem i just used another IP address from the given range from the ISP.

Regards

Abhradeep

Aastha Bhardwaj · ‎10-23-2015

HI,

The command should work without any issues until and unless:

++You have a setroute on any other interface

++Also I see outside interface has ip : 27.X.X.X8 255.255.255.240 and the route that you are configuring is route outside 0.0.0.0 0.0.0.0 27.X.X.X8 1 , make sure it is the next hop and not the outside interface itself.

++Run a "show route" and check if you have any other default route with same metric.

Regards,

Aastha

Rate if that helps!!!

Abhradeep.Banerjee · ‎10-24-2015

Hi the route outside was set previously, on the ASA 5505. It was was working perfectly,

I pasted in the 8.4.2(GNS3) no issue. But didn't work on 9.5.1 actual hardware.

The ASA 5505 : running on 8.4.2

5506-X Running on 9.5.1 image

I transferred config(by importing to the new firewall) only change i made was to put on the gE interface instead of VLAN.

There was no set route set into any other interface. As the old config didn't have any such configuration.

Regards

Abhradeep