Thanks for the link I believe we had referenced that somewhat but I'll dig into it more thoroughly.

We had our configs matched up as far as we could tell but when we tried to cutover we had no outside access. Same port, same address, same cable even...able to ping inside from the ASA management port, but couldn't get any outside addresses.

Did you bother to reboot your outside gateway I.E. upstream router?

Your mac address changed when you went to the ASA from the PIX and you have the same ip....

Bet that works.

-C

Yes, we actually brought all of our equipment offline for the cutover and restarted everything in stages.

I've found the pix to asa conversion tool does some wierd things with the config, particularly in the order of commands. It placed all of my nat entries before the actual nat command, so they all return as invalid. I'm massaging the output now so it's in the correct order and will see what happens.

I'm doing this all through the CLI as I have read mixed reviewes of the ASDM - which is better?

I actually really like ASDM especially newer versions like 6.x..

Only issue I ever run into is sometimes the log freezes but I am a huge fan.

If you want you can share the config and I can take a peek at it..

Really pix to ASA should be almost as simple as cut and paste depending on the features you are using on the PIX.. Obviously if your using an old version conduits and outbounds don't work but ACL's should eb fine..

-C

Much appreciated. I'm still 'massaging' the output from the OCC and migration tool. I'm not sure when we'll have a chance to test again, since downtime here is a rare commodity.

If this run doesn't work I'll definitely post some configs for some further input.