Solved: Migration from ASA 5512-X to ASA 5516-X

Thierry4142 · ‎10-12-2017

Hello,

I have to migrate an ASA 5512-X HA-Pair (Active-Passive) to an 5516-X HA-Pair (active-passive).

I wonder if I just could copy and paste parts of the actual 5512-X configuration (network-objects, access-lists, nat, group-policies, ..) to the 5516-X?

Thx

Thierry

Karsten Iwen · ‎10-12-2017

It depends ...

If you only do firewalling, you can take the config, replace the interface HW-IDs (Gig0/0 on the 5512 would be Gi1/1 on the 5516) and paste it in. For SSH you have to generate new keys with the wanted key-length.

If you use VPN, there can be additional files in flash that have to be copied.

View solution in original post

Karsten Iwen · ‎10-12-2017

If there are "boot system" commands on the old ASA, remove them as the 5516-X uses different images. Also adapt the "asdm image" command to what is used on the 5516.

View solution in original post

Karsten Iwen · ‎10-12-2017

It depends ...

If you only do firewalling, you can take the config, replace the interface HW-IDs (Gig0/0 on the 5512 would be Gi1/1 on the 5516) and paste it in. For SSH you have to generate new keys with the wanted key-length.

If you use VPN, there can be additional files in flash that have to be copied.

Thierry4142 · ‎10-12-2017

Hi Karsten

thank you for the answer.

As we will only do firewalling I will go on as you mentioned.

Regards

Thierry

Karsten Iwen · ‎10-12-2017

If there are "boot system" commands on the old ASA, remove them as the 5516-X uses different images. Also adapt the "asdm image" command to what is used on the 5516.

rjaviles · ‎10-29-2018

Hello Thierry4142, we plan on upgrading our ASA 5512 to ASA 5516, please share your experience with your upgrade. Thanks!