Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
2
Replies

Port configuration from ASA5510 8.2(5) to ASA5515-X 8.6(1)

Go to solution
Phil Williamson
Level 1
Level 1

‎04-09-2014 11:25 AM - edited ‎03-11-2019 09:03 PM

I'm looking for the best solution to this problem:

Moving from one data center to another

Network is live/in-use at both DCs now

Old DC has ASA5510 v8.2(5)

New DC has ASA5515-X v8.6(1)

How can I best port the config from old to new?  Manually going thru line by line would take a while - the config is > 75k.  Needless to say the main concern is how NAT is handled.

One of the limiting issues is that I am remote (1000 miles) so I feel I have to have a solution that works first time since my customer is 3+ hours away from DC.

Does Cisco offer a conversion tool for this?

 

Suggestions?

Thanks - Phil

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-09-2014 06:48 PM

They recently started offering a tool for the conversion:

https://fwm.cisco.com/auth.do

Sign up for a free account. They do the conversion offline for you and send you a link to the converted configuration.

That said, if I had a config with 75k lines, I'd also invest in an entry license of SolarWinds FSM and run it though that looking for hidden or shadowed rules. 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-09-2014 06:48 PM

They recently started offering a tool for the conversion:

https://fwm.cisco.com/auth.do

Sign up for a free account. They do the conversion offline for you and send you a link to the converted configuration.

That said, if I had a config with 75k lines, I'd also invest in an entry license of SolarWinds FSM and run it though that looking for hidden or shadowed rules. 

0 Helpful

Go to solution
Phil Williamson
Level 1
Level 1
In response to Marvin Rhoads

‎04-11-2014 10:39 AM

Marvin,

I got the FWM acct setup and submitted my 8.2(5) config.  What I got back is not useful.

The accompanying conversion log file indicated all interfaces in the 8.2(5) config and their IPs, nameif and security-levels were ignored.  The resulting conversion config therefor had no NAT entries or anything to do with inside, outside or dmz  Is the tool supposed to do better than that?

I have a Security Plus ASA5505 in my lab so I took the original ASA5510 config and edited it so it would run on the 5505 - changed interfaces mostly.  I then did the 8.2(5) to 8.4 conversion and got a whole lot more useful result.  Did I miss something when using the Cisco FWM tool maybe?

Thx,

Phil

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card