04-09-2014 11:25 AM - edited 03-11-2019 09:03 PM
I'm looking for the best solution to this problem:
Moving from one data center to another
Network is live/in-use at both DCs now
Old DC has ASA5510 v8.2(5)
New DC has ASA5515-X v8.6(1)
How can I best port the config from old to new? Manually going thru line by line would take a while - the config is > 75k. Needless to say the main concern is how NAT is handled.
One of the limiting issues is that I am remote (1000 miles) so I feel I have to have a solution that works first time since my customer is 3+ hours away from DC.
Does Cisco offer a conversion tool for this?
Suggestions?
Thanks - Phil
Solved! Go to Solution.
04-09-2014 06:48 PM
They recently started offering a tool for the conversion:
https://fwm.cisco.com/auth.do
Sign up for a free account. They do the conversion offline for you and send you a link to the converted configuration.
That said, if I had a config with 75k lines, I'd also invest in an entry license of SolarWinds FSM and run it though that looking for hidden or shadowed rules.
04-09-2014 06:48 PM
They recently started offering a tool for the conversion:
https://fwm.cisco.com/auth.do
Sign up for a free account. They do the conversion offline for you and send you a link to the converted configuration.
That said, if I had a config with 75k lines, I'd also invest in an entry license of SolarWinds FSM and run it though that looking for hidden or shadowed rules.
04-11-2014 10:39 AM
Marvin,
I got the FWM acct setup and submitted my 8.2(5) config. What I got back is not useful.
The accompanying conversion log file indicated all interfaces in the 8.2(5) config and their IPs, nameif and security-levels were ignored. The resulting conversion config therefor had no NAT entries or anything to do with inside, outside or dmz Is the tool supposed to do better than that?
I have a Security Plus ASA5505 in my lab so I took the original ASA5510 config and edited it so it would run on the 5505 - changed interfaces mostly. I then did the 8.2(5) to 8.4 conversion and got a whole lot more useful result. Did I miss something when using the Cisco FWM tool maybe?
Thx,
Phil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide