Karthik

Thank you for the response.

I need to upgrade from disk0:/asa803-k8.bi. or is the 8.3 you referenced the same?

So i guess I need to know how to upgrade from 8.03 to 8.3

No the 8.3 that is mentioned is quite different from 803. There was a major rewrite of the ASA code that happened at the introduction of 8.3. The differences are especially evident in the processing of access lists and of doing address translation.

There was mention of a migration tool which was to help with the transition to 8.3. I tried that tool and found that it did not work well. (that was quite a while ago. If you are a real optimist you can hope that they have revised and improved it - but I would not count on it and would suggest that you do the transition manually).

I would suggest that you upgrade your code from 8.0(3) to 8.3 or 8.4 and then perhaps from that level to 9.1. You should be able to do that on your 5520 and you will need to resolve issues about changing syntax etc between those versions. Then if you have a config with 9.1 syntax you can move that config to the 5545X.

You may find the discussion about upgrading software in these release notes to be helpful

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.pdf

note that they suggest upgrading to 8.4(6) and from there to 9.1.

HTH

Rick

Rick

Thank you for the response.

I was able to locate an old 5510 that currently has version 8.24.

I have a text file with the current production ASA (5520) config. Would it possible to tftp that config from my computer to the Asa5510 and then issue a command to use that text file as running config?

Marvin

Thank you for the response

I have 103 access-list OUTSIDE_IN statements

I have (5)

nat (outside) 0 access-list outside_nat0_outbound_1

nat (outside) 2 access-list SIU_NAT outside

nat (outside) 1 10.5.x.0 255.255.255.0

nat (outside) 1 10.74.x.0 255.255.255.0

nat (outside) 1 10.75.x.0 255.255.255.0

What about these statements (100's of these)

access-list NAT_EXEMPTION

Doing it offline on a non-production unit to work through the changes is a good choice when you have that ability. Get a copy of the config before and after and compare them side-by-side with a diff tool like ExamDiff.

The one downside of using a 5510 is that it's interfaces are named a bit differently than a 5520 (or 5545-X) so you'll have to take that into account.

We'll be happy to help along the way - good luck..

W O W!!!!!!!!!!!!!!!!!

The difference between 824 and 8465 is monstrous.

What I have done so far

    Use the commands after each IOS upgrade

         term pager 0

         more system:running-config

     compared prior IOS to newer IOS

        -asa803 compared to asa824 was pretty close. easy enough to complete upgrade

        -asa824 to asa864 - HUGE!! difference. Alot of changes have the statement "created  

        during migration", but not all of them. Also, quite a few are not in same order as b4.

Should I have upgraded from asa824 to asa83x before jumping directly to 8465?

Please advise on how to compare 824 to 846 when they are so different

The difference between pre-8.3 and 8.3+ configuration files is unavoidable. It doesn't matter how small a step you take - when you cross that boundary the NAT syntax changes completely, access-lists refer to real IPs, etc.

Most people advise skipping past 8.3 (x) as it was a. pretty buggy and b. adds no value as an intermediate step.

To compare old-new configs you need to develop an understanding of how the syntax and concepts changed. Those of us who've done it a number of times advise taking the time to analyze your current configuration and taking the opportunity to re-do the NAT manually to better understand your running configuration.