
Restoring running-config from a Cisco ASA 5510 to a Cisco ASA 5512

jonathanbaird
Level 1

Hi,

I have a task to migrate a Cisco ASA from a 5510 model to a 5512 model. The current firmware on the 5510 is 8.2.1 which I understand is using the old NAT rules. I have a spare 5510 which I have put the 8.2.1 firmware onto and I plan to restore the current running-config to this firewall. I am then going to run through the upgrade path to bring the spare 5510 up to the latest firmware (which should convert all the NAT rules) and from there restore the running config to the 5512 - all being well! My question is, are there any considerations I need to make before doing this? I have just started a new job and this is the first task I have been assigned so would like to get it spot on without running into any issues - or at least as few as I possibly can.

I did a bit of a test with this last night, but after I restored the running config, I found that the password I had used on the original 5510 no longer worked on the spare 5510 I am using for testing. Do I need to remove the passwords before restoring the running-config? I'm sure there is an obvious reason for this, but can somebody please advise why this would be? I am fairly new to Cisco ASAs but I need to be fairly up to speed for this task I have been set! If anybody can foresee any issues with this plan, could you please let me know and, if possible, please advise on a better solution without having to configure the new firewall from scratch.

Thank you in advance.

Jonathan.

2 Replies

Although the NAT-config is migrated automatically, I always configure it completely new from scratch when upgrading an old device. IMO the migrated config is just a mess and it's a good opportunity to clean that up.

Your passwords should still work after the upgrade. If you have other keys like VPN-PSKs or RADIUS shared-secrets, make sure that you don't use the running-config as these keys are only shown as stars. Use the startup-config or the output of "more system:running-config" for the migration.

Marvin Rhoads
Hall of Fame

On the 5512-X, interface names are all GigabitEthernetx/x.

That needs to be taken into account before you try to load in a configuration from a 5510 which has non-gigabit interfaces.

The boot image will have a different version and name. All 5500-X series use the boot image with 'smp' in the name (symmetric multiprocessor denoting it is for a device with a multi-core CPU).

Any certificates will need to be re-installed unless the private key is also migrated. Also, any files like AnyConnect images and VPN profiles need to be copied over manually.
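
A pre-migration check for two points raised in the replies above (keys shown only as stars in the running-config, and non-gigabit interface names carried over from the 5510), as an added example that is not part of the thread. The sample configuration, the `audit_config` name, and the assumption that the 5510's non-gigabit ports appear as `Ethernetx/x` are assumptions of this example.

```python
import re

# Constructed sample (not from the thread), as "show running-config" would display it.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
!
interface Management0/0
 nameif management
!
aaa-server RAD-EXAMPLE protocol radius
aaa-server RAD-EXAMPLE (inside) host 192.0.2.10
 key *****
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key *****
failover lan interface LAN-FO Ethernet0/3
"""

# A value printed only as stars: the real secret is not in this file.
MASKED = re.compile(r"\s\*+$")
# Ethernetx/x (optionally a subinterface) that is not part of "GigabitEthernet".
LEGACY_IF = re.compile(r"(?<![A-Za-z])Ethernet\d+/\d+(?:\.\d+)?")


def audit_config(text):
    """Return (masked, legacy): lists of (line_no, context, line) tuples."""
    masked, legacy, parent = [], [], ""
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line.startswith(" "):
            parent = line  # top-level command that owns the indented lines below
        if MASKED.search(line):
            masked.append((no, parent, line.strip()))
        for name in LEGACY_IF.findall(line):
            legacy.append((no, name, line.strip()))
    return masked, legacy


if __name__ == "__main__":
    masked, legacy = audit_config(SAMPLE_CONFIG)
    for no, parent, line in masked:
        print(f"line {no}: masked secret under '{parent}': {line}")
    for no, name, line in legacy:
        print(f"line {no}: rename {name} for the 5512-X: {line}")
```

Any masked line it reports means the file cannot restore that key; re-export with the startup-config or "more system:running-config" as the first reply advises, and treat that export as sensitive since it contains the keys.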
