Solved: The migration tool at http:/

Rizal Ferdiyan · ‎09-29-2011

Dear guys,

I have plan to migrate my firewall from 8.2 to 8.4. I have search in cisco docs, there a lot syntac configuration change in ASA 8.4. Is there any tool to migrate syntax from ASA 8.2 to ASA 8.4 ?

Thank u before.

Best Regards,

Rizal Ferdiyan

varrao · ‎09-29-2011

HI Rizal,

Thats correct, you can upgrade in multiple context as well, and it will upgrade it automatically.

You ca upgrade your old ASA first to 8.4, test it in the lab, compare the configuration and when it is correct, copy the startup config to the new ASA and use it as your running config. But you can try whihc ever method suits you.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎09-29-2011

Hi Rizal,

You can upgrade the version on a test environment first, and compare the nat statements and acl changes before putting it into the production environment. You can refer to these docs for it:

https://supportforums.cisco.com/docs/DOC-12690

Migration Guide:

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

You can use this doc as well.

If you need to get anything validated, you can also open a TAC case for it. AFAIK there is no migration tool for it since the ASA does migrate it automatically when you upgrade.

Thanks,

Varun

Thanks,
Varun Rao

Rizal Ferdiyan · ‎09-29-2011

Thank U Varun for your explanation, it help me so much ...

Btw, I have one more question if i have multiple context for ASA, let say i have 3 context : first context admin, 2nd context B and third context C. Is the upgrade process will automaticly convert all configuration ( 3 context configuration and system configuration) ?

Actually i don't do upgrade from one ASA, i do replace old ASA to new ASA. My old ASA have 8.2 software version and my new ASA have 8.4 software version. After i read your explanation i will downgrade my new ASA software version 8.4 to 8.2, after that i copy my old ASA configuration file to new ASA configuration file after that i will upgrade my new ASA software version to 8.4. Is my step correct or you have a better idea. Btw, i have plan to change my port configuration (old configuration : Gig0/2 --> INSIDE, Gig0/3 --> OUTSIDE, new configuration : Gig0/0 --> INSIDE, Gig0/1 --> OUTSIDE).

Best Regards,

Rizal Ferdiyan

varrao · ‎09-29-2011

HI Rizal,

Thats correct, you can upgrade in multiple context as well, and it will upgrade it automatically.

You ca upgrade your old ASA first to 8.4, test it in the lab, compare the configuration and when it is correct, copy the startup config to the new ASA and use it as your running config. But you can try whihc ever method suits you.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

Davetech · ‎10-12-2017

Hi

I am in a similair position, but I have current ASA running 8.0 and need to upgrade to latest (9.8.2)

Any advice?

thanks

Dave

Davetech · ‎10-12-2017

Hi

I am in a similair position, but I have current ASA running 8.0 and need to upgrade to latest (9.8.2)

Any advice?

thanks

Claudio Monge · ‎06-05-2012

Good comments but I do not see the link to download the application. Can Someone share that link? I need to migrate 14 devices and I am not sure how works the ACLs and NATs.

varrao · ‎06-05-2012

Hi Claudio,

There is no tool for migration, but the firewall does it automatically when you change the boot parameters on the ASA and reload it with the 8.4 image. The firewall would do all the migrations itself. You can refer to the links above for complete information.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

bkoch1 · ‎09-10-2013

I tried the "no names" as part of the upgrade from 8.2(5) -> 8.3(2) -> 8.4(2) -> 8.4(7).

In the end, I ended up with a bunch of replicated entries

For example:

object network obj-10.3.254.5

host 10.3.254.5

object network obj-192.124.35.128

subnet 192.124.35.128 255.255.255.128

object network obj-192.124.35.0

subnet 192.124.35.0 255.255.255.128

All of these have names associated with them earlier in the startup config file. So what do I do, get rid of all these entries manually?

gauraku3 · ‎08-20-2015

Hi Rizal,

Cisco now has a migration tool for such migrations

Visit http://fwm.cisco.com/

Thanks & regards,

Gaurav Kumar CCIE# 49565
Cisco-TAC Engineer, Security Team

John Hinckley · ‎11-18-2015

The migration tool at http://fwm.cisco.com is gone. Why can't these tools ever stay up for longer than a few months? There used to be a NAT migration tool at http://gypsy.cisco.com and it's gone now too.

Ok the tool is still there, but it's httpS://fwm.cisco.com not http://fwm.cisco.com

Dustin Bieghler · ‎05-26-2016

Tool is still available - just slightly changed.

New link = https://fwm.cisco.com/auth.do

You can login using CCO credentials and select Firewall Migration from App Menu

Description of the tool can be found here:

https://marketplace.cisco.com/solutionsshowcase/companies/securview-inc/products/firewall-migration-solution-fwm--2

saahil khan · ‎12-01-2015

Is this available to partners or this is a seperate paid service. I have been trying for the past 2 days but no luck, the file just shows processing and processing and thats it. Has anyone able to successfully use this tool so far.

Sajjad

John Hinckley · ‎12-01-2015

It worked great for me. Saved me a bunch of time.

jkanclirzANM · ‎07-05-2016

How log did it take to complete from the Queue?

Tool for migrate ASA from 8.2 to 8.4