Beginner

Migrating from old 5520's to New 5525X. Some basic advice and guidance please.

Hi Guys

 

I'll be doing a migration from a pair of 5520's in active/standby to 5520-X's. My firewall knowledge is very rusty so I have a few basic questions. 

 

1. I'm going from ASA firmware 8.4 to 9.8. Will this be a simple copy and paste job or will I come across any command config issues?

 

2. Can the public and private certificates be copied and pasted over too? Will they simply work as long as I have the same hostname and IP addresses or will I need to generate new public certificates? (A guide on how to do this would be great.)

 

3. I will be configuring a Firepower module and AMPS on top for the new firewalls. Never done this. Is this easy enough to do? Or should I expect to experience a lot of pain?

 

4. Anything else I should be wary of before attempting this huge feat? :)

3 REPLIES 3
Enthusiast

Re: Migrating from old 5520's to New 5525X. Some basic advice and guidance please.

Hi,

1. The configuration should be pretty much the same, so I would try to copy and paste it and see if it throws any errors.
2. Answered here: https://supportforums.cisco.com/t5/vpn/move-ssl-cert-from-one-device-to-another-on-cisco-asa/td-p/2073892
3. Depends on your experience, but there are good guides on how to deploy Firepower; also read the release notes for compatibility and upgrade paths.
4. Take your time. :)

br, Micke
Beginner

Re: Migrating from old 5520's to New 5525X. Some basic advice and guidance please.

Hi Micke

 

Thanks for the reply.

 

Would it just be easier if I copied the 8.4 config to an ASA 5520, then upgraded to the last version of ASA which is 9.1 on the 5520 and then pasted this into the 5525X with ver 9.8? I read somewhere there were some ACL changes but I can't remember what version.

 

Thanks

 

 

 

Hall of Fame Guru

Re: Migrating from old 5520's to New 5525X

You may be thinking of 9.0(1) which changed the ACL syntax slightly to unify IPv4 and IPv6 ACLs.

 

So if you upgrade the old ASA to 9.0 you should then be able to paste the config directly into the new 5525-X.

 

Firepower is a separate undertaking but a basic setup is pretty easy. Just read through some of the getting started guides, Cisco Live presentations and the many how-to videos on YouTube and some blogs (labminutes.com and network-node.com are particularly good).