09-13-2016 03:22 AM - edited 03-12-2019 01:15 AM
Hi all,
I have a 5510 whose configuration I need to migrate over to a 5512-X. My main concern here is that there may be a fundamental difference in the code releases, specifically NAT configuration changes between different code releases.
The 5510 is currently on 8.4(3), and the 5512-X will be on the latest stable release, which I believe is 9.4.3. (It's brand new, so will have default config on IOS currently).
Will there be any issues with copying the config over based on the above IOS versions?
Many thanks,
Nick
09-13-2016 03:54 AM
Based on the below table: http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#37856
Current ASA Version
|
||
---|---|---|
This is suggesting I upgrade the existing ASA to 8.4(5) and then to 9.1(3). I am, however, not able to convert the existing 5510 ASA to 8.4(5) as it is in a production environment.
Will I need to build the rules from the ground up?
Thanks
09-13-2016 06:58 AM
Hi Nick,
The major changes with NAT rules and ACLs come between pre-8.3 and post-8.3.
Since you are already running on version 8.4.3, there would not be any changes related to NAT rules for which you are concerned.
Regards
Pradyumna
09-14-2016 01:23 AM
Thank you Pradyumna
09-13-2016 01:24 PM
The table you posted is for inline upgrade. The intermediate step is only required in such a case because of some changes in how the disk file system works.
Rules will not need to be re-built. However, your 5510 interface numbering is different than the 5512-X.
The 5510 uses "Ethernet 0/0" etc. (2 Gigabit interfaces available only with Security Plus license) while the 5512-X uses "GigabitEthernet0/0" etc.
So you would copy off the configuration from the old ASA (being careful to capture any pre-shared keys, certificates, AnyConnect images, VPN profile files, clientless SSL VPN customization etc.), edit the configuration file to reflect the new interface designations, update references to the ASA boot file and ASDM image file, and then copy it onto the new ASA.
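The edit step described in the answer above, as an added example (not code from the thread or from Cisco): it renames `EthernetX/Y` references to `GigabitEthernetX/Y` and lists the lines that need manual attention on the new unit. The one-to-one port mapping, the function name `migrate`, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed excerpt of a 5510 running-config (file names and addresses are samples).
SAMPLE_5510 = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1.20
 vlan 20
 nameif dmz
interface Management0/0
 management-only
boot system disk0:/asa843-k8.bin
asdm image disk0:/asdm-647.bin
failover lan interface folink Ethernet0/3
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key *****
"""

# \b keeps the pattern from touching names that already read GigabitEthernet.
IFACE = re.compile(r"\bEthernet(\d+/\d+(?:\.\d+)?)")

# Lines that cannot be carried over blindly, with the reason to review them.
REVIEW = [
    (re.compile(r"^\s*boot system "), "boot image: point at the file on the new ASA"),
    (re.compile(r"^\s*asdm image "), "ASDM image: point at the file on the new ASA"),
    (re.compile(r"\*{5}"), "masked secret: export or re-enter the real value"),
]

def migrate(config):
    """Return (rewritten config, [(line number, reason, line text), ...])."""
    out, review = [], []
    for number, line in enumerate(config.splitlines(), 1):
        # Assumption: 5510 port EthernetX/Y maps to GigabitEthernetX/Y.
        new = IFACE.sub(r"GigabitEthernet\1", line)
        out.append(new)
        for pattern, reason in REVIEW:
            if pattern.search(new):
                review.append((number, reason, new.strip()))
    return "\n".join(out) + "\n", review

if __name__ == "__main__":
    rewritten, todo = migrate(SAMPLE_5510)
    print(rewritten)
    for number, reason, text in todo:
        print(f"line {number}: {reason}: {text}")
```

A pre-shared key that shows as `*****` in the saved file was masked by `show running-config`; the value has to be captured separately before the old unit is retired.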
09-14-2016 01:23 AM
Top stuff, thanks Marvin.
This was pretty much exactly what I was looking for.
09-14-2016 07:37 PM
You're welcome. Please mark your question as answered if it has been.