Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
2
Replies

Replacing ASA5520 w/8.2 with ASA5515X w/9.4

terry.w.tuck
Level 1
Level 1

‎11-09-2015 10:54 AM - edited ‎03-11-2019 11:51 PM

I'm new to Cisco ASAs, and have the task of replacing older 5520s with out-of-the-box 5515Xs.  I'd like to do a direct swap-out replacement, using a minimally revised startup-config from the older ASA, but I'm guessing that there are differences between the commands in ASA 8.2 vs ASA 9.4.  Would someone please point me in the right direction for learning about if there are tools (e.g., startup-config "updater", or virtual ASA for processing the startup-config) for proactively checking for problems that the 9.4 interpreter would have with the 8.2 startup-config?

I'd also appreciate any comments/direction/references to the overall approach for a swap-out.

Maybe I could put the 5515 on a bench w/no connection and reload the 5520 startup?  If it "crashes", can I recover?

Thanks in advance!

Labels:
0 Helpful
2 Replies 2

James Leinweber
Level 4
Level 4

‎11-09-2015 11:28 AM

There are two very big differences between 8.2 and 9.4:

1) at 8.3 the NAT stuff was completely redone along radically different lines.  The new style uses primary the newfangled "network object"s, preceeded by phase I "twice NAT" and followed by phase III "twice NAT"; there are no more global statements.

2) at 9.0 the IPv6 integration was completely redone, with separate v4 and v6 access lists abolished by merging them and the "any" keyword redefined to be dual-stack.

I haven't tried directly feeding an 8.2 config into 9.4 firmware, so I'm not sure how well it would auto-update.  By all means, try it - make a backup copy of your factory default 9.4 config, scp or tftp or usb copy in the 8.2 config, and copy the 8.2 version over the startup-config followed by a reload without a preceding "write memory"..  Assuming you have physical access to the 5515-x, there are enough ways to recover from any problems that you can definitely recover.

My advice, having gone from 8.2 on a 5520 to 9.2 on a 5525-x by way of 8.4.6 in a test lab is that you are best off using the auto-updated config as a guideline to a from-scratch rewrite.

Good luck with it,

-- Jim Leinweber, WI State Lab of Hygiene

0 Helpful

Akshay Rastogi
Cisco Employee
Cisco Employee

‎11-10-2015 01:10 AM

Hi Terry,

There is a public tool made available to customers. You just need to login with your cco id and your are good to go :

https://fwm.cisco.com/auth.do;jsessionid=80A10FB9C79C07D120D7109E7488D3F3#dashboard:1

There is one documenation once you login(click on Firewall Migration and then my Dashboard) which gives you instruction on how to convert your ASA configuration for 5500 series running 8.2 to -x series running 9.2.1 (it would give you option from 5525-x in target platform, you can select that(there would not be an issue as you are having 5515-x).

Follow the instructions mentioned in the doc. 

Once you get the 9.2.1 configuration, load it on your asa5515-x and then upgrade your asa to version 9.4.1

If there is any issue in some traffic not working; I would recommand to open a TAC case.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate the helpful posts and mark the answer as correct if it answers your query.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card