03-09-2016 01:03 PM - edited 03-12-2019 12:27 AM
Hello Cisco Security Community,
I come to you for your help in understanding the code differences between ASA 8.3(1) and 9.1(1) code. We are moving from the 5520 ASA's to our new 5515-X ASA's. One of our sites is running ASA 8.3(1) (which I know is old!). To ensure that no changes are performed from our current production ASA's to our new ASA's I am using the ASDM to perform a back up of the ASA at code 8.3(1) and restore it into our new ASA's 5515-X. I understand that I need to update our current ASA's to code 9.x (8.3 > 8.4 > 9.1) in order to restore its configuration in our new ASA's, but, for my understanding, I noticed during my research that there were many changes from code 8.3 to 9.5. My thought is to update the current ASA to code 9.1(1) in order to perform a backup that I can use in our new ASA's. Initially I was going line by line through the CLI and notice that in code 9.5(2), the subcommand "policy" within the "crypto isakmp" command does not exist. My options are as follows...
ASA(config)# crypto isakmp ?
configure mode commands/options:
disconnect-notify Enable disconnect notification to peers
identity Set identity type (address, hostname or key-id)
nat-traversal Enable and configure nat-traversal
reload-wait Wait for voluntary termination of existing connections
before reboot
My question is, to what this command converted to? What would be the correct interpretation of the "crypto isakmp policy" command in the new 9.5(2) code?
Your help will be greatly appreciated!
03-09-2016 01:51 PM
It has been changed to "crypto ikev1 policy". this is because now we need to define whether it is ikev1 or ikev2.
--
Please remember to select a correct answer and rate helpful posts
03-09-2016 02:27 PM
Thank you Marius.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide