Dear Neno,

jack samuel · ‎04-10-2016

Dears

I am migrating my asa 8.2 code to asa5525-X 9.4 version i want to know the existing remote vpn will have any issue after migrating or they can still connect by their old vpn software.

Also for the Site-to-Site vpn do i have to take care of any commands for version code 9.4 .

Thanks

nspasov · ‎04-10-2016

Hi Jack, there are a few things that you will need to complete:

1. You will have to perform an interim upgrade to 8.4 before upgrading to 9.4:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html

2. There were some major changes from 8.2 code to 8.3 and above. The ones that you will need to worry about are:

- No more nat-control (feature is no longer there)

- NAT is changed to object based (No more "global" command)

- The ACLs now reference the "real" or un-NATed IP address)

There is a very nice document that was posted on this forum:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

I hope this helps!

Thank you for rating helpful posts!

jack samuel · ‎04-11-2016

Dear Neno,

thanks for the document I have already migrated the configuration and I am aware of the 8.3 NAT configuration, and I have followed the upgrade path from the release notes only I want to know the below VPN query

The existing remote vpn will have any issue after migrating or they can still connect by their old vpn software.

Also for the Site-to-Site vpn do i have to take care of any commands for version code 9.4

jack samuel · ‎04-11-2016

Dear Experts,

Please reply

jack samuel · ‎04-18-2016

Dear Neno,

the Firewall was not live that's the reason i was asking these question, after migrating i faced challenges to change the password for all the VPN,, now i want to configure anyconnect vpn with host scan can you route me to the configuration example if any from cisco.

thanks

nspasov · ‎04-19-2016

I recommend two sources:

1. Cisco's ASA Configuration Guides:

http://www.cisco.com/c/en/us/support/security/virtual-adaptive-security-appliance-firewall/products-installation-and-configuration-guides-list.html

2. Lab Minutes technical videos:

http://www.labminutes.com/video/sec/SSL%20VPN

I hope this helps!

Thank you for rating helpful posts!

Marius Gunnerud · ‎04-19-2016

There are some configuration changes between 8.2 and 9.4 with regard to IPsec site2site.

crypto isakmp policy is now crypto ikev1 policy or crypto ikev2 policy depending on which version you are using.

also transform set confguration is changed a little. it is now crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac . Also, when applying the transform set to the crypto map you need to specify ikev1 (crypto map MYMAP 1 set ikev1 transform-set ESP-DES-SHA

you also need to apply crypto ikev1 enable outside

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

nspasov · ‎04-12-2016

Hello Jack-

I am not aware of anything that you will need to adjust with regards to RA-VPNs and Site-to-site VPNs.

You said that you already completed the migration. If so what are the issues that you are having with the VPNs?

Thank you for rating helpful posts!

VPN asa 5525-X