07-27-2013 10:33 PM - edited 03-11-2019 07:18 PM
Hi ...
Please advise and help ...
I have a cluster of PIX525 with 7.0(4). Some days ago the Primary PIX failed and it was impossible to start it up again.
The failover worked and the Secondary PIX took over ... but this Secondary has a fault and restarts every day at 11:00 AM without apparent reason.
We bought a new ASA cluster, two 5525-X, but these new firewalls have 8.6.1 software ... I know the migration between 7.0 and 8.6 is hard. I was trying, but the configuration of these firewalls is very complex (at least 1500 lines of access-lists).
I know about the differences in static, global, nat and access-list, but I would like to have a cookbook or quick reference manual to do this migration.
Is there any tool or suggestion to make this migration?
I'll appreciate any help to do this ...
Thanks ...
07-27-2013 11:44 PM
Hello,
Yes, you have a lot of work to do
https://supportforums.cisco.com/docs/DOC-9129
https://supportforums.cisco.com/docs/DOC-12690
My recommendation would be to get familiar with the new configuration and then start working on it.
For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/
Cheers,
Julio Carvajal Segura
07-28-2013 11:33 AM
Thanks Julio ...
I had checked the information in the links you sent.
I'll do the analysis for migration.
Guillo.
07-28-2013 08:06 AM
In addition to Julio's good advice, I would use the opportunity to clean up the access-lists. At 1500 lines there is very likely a fair amount of unused and incorrect entries. Since you were running Pix 525 with 7.0(4) I would guess that those firewalls were not given much "love".
You can use some tools such as Cisco Security Manager and SolarWinds Firewall Service Manager to import your Pix configuration and analyze access-lists for duplicate, shadowed and unused rules. Both of those products have trial versions that you could use to perform analysis of a single firewall.
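The duplicate and shadowed-rule check mentioned in the reply above can be sketched in a few lines. This is an added example, not part of the thread and not how Cisco Security Manager or SolarWinds implement it; it assumes simple `access-list NAME extended ...` entries with `any`, `host` or address/mask operands and an optional `eq PORT`, and skips everything else. Unused rules cannot be found this way because they need hit counts from the running firewall.

```python
import ipaddress
# Constructed sample in PIX 7.x syntax (documentation addresses, not from the thread).
SAMPLE = """\
access-list outside_in extended permit tcp any host 192.0.2.10 eq 80
access-list outside_in extended permit tcp any host 192.0.2.10 eq 80
access-list outside_in extended permit ip 198.51.100.0 255.255.255.0 any
access-list outside_in extended deny tcp host 198.51.100.7 host 192.0.2.10 eq 22
access-list dmz_in extended permit tcp any host 192.0.2.10 eq 80
"""

def _addr(tok):
    """Pop one address spec (any | host A | A MASK) and return it as a network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = (tok.pop(0), "255.255.255.255") if first == "host" else (first, tok.pop(0))
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(line):
    """Parse one simple extended ACE; return None for anything not handled."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return None
    rest = tok[5:]
    try:
        src, dst = _addr(rest), _addr(rest)
    except (IndexError, ValueError):
        return None
    if rest and (len(rest) != 2 or rest[0] != "eq"):
        return None  # ranges, object-groups, log options: out of scope here
    return dict(acl=tok[1], action=tok[3], proto=tok[4], src=src, dst=dst,
                port=rest[1] if rest else None)

def covers(a, b):
    """True if earlier entry a matches every packet that entry b matches."""
    return (a["acl"] == b["acl"] and a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def analyze(text):
    """Return (line, kind, earlier_line) for each entry that can never match."""
    findings = []
    aces = [(n, a) for n, l in enumerate(text.splitlines(), 1) if (a := parse(l))]
    for i, (n, ace) in enumerate(aces):
        for m, prev in aces[:i]:
            if covers(prev, ace):
                findings.append((n, "duplicate" if prev == ace else "shadowed", m))
                break
    return findings
```

On the sample, `analyze(SAMPLE)` reports line 2 as a duplicate of line 1 and the `deny` on line 4 as shadowed by the broader `permit ip` on line 3, the kind of entry worth resolving before translating the rule base to 8.6 syntax.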
07-28-2013 11:35 AM
Thanks Marvin ...
Good idea about Cisco Security Manager for analyzing the configuration. I know this is a horrible configuration and it's not easy to clean it.
Guillo.