1478 Views, 0 Helpful, 1 Replies

Migrating ASA 5510 to ASA 5505

Karsten Kemper
Level 1

Hello everyone,

For testing purposes I wanted to exchange a running ASA 5510 with an ASA 5505.

I can't get it working so far and I can't see where the problem is. Hopefully there is an expert here; I am kind of new to Cisco.

I included the running configs from both the ASA 5510 and the newly configured ASA 5505.

Thanks a lot in advance for taking the time!

On the running ASA 5510 there is:

one interface for WEB

static IP xx.xxx.xxx.178

route  0.0.0.0 xx.xxx.xxx.177

one interface for INTERN

static IP 172.16.0.1

Network Object

owncloud 172.16.0.4

ext181 xx.xxx.xxx.181

running-cfg for ASA5510

-----------------

: Saved

:

ASA Version 9.1(1)

!

hostname xxxxxxxx

xlate per-session deny tcp any4 any4

xlate per-session deny tcp any4 any6

xlate per-session deny tcp any6 any4

xlate per-session deny tcp any6 any6

xlate per-session deny udp any4 any4 eq domain

xlate per-session deny udp any4 any6 eq domain

xlate per-session deny udp any6 any4 eq domain

xlate per-session deny udp any6 any6 eq domain

!

interface Ethernet0/0

nameif INTERN

security-level 100

ip address 172.16.0.1 255.255.0.0

!

interface Ethernet0/1

nameif WEB

security-level 0

ip address xx.xxx.xxx.178 255.255.255.240

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

management-only

nameif management

security-level 100

ip address 192.168.1.2 255.255.255.0

!

boot system disk0:/asa911-k8.bin

ftp mode passive

dns domain-lookup WEB

dns server-group DefaultDNS

name-server xx.xxx.xxx.177

object network OwnCloud

host 172.16.0.4

object network EXTADR-181

host xx.xxx.xxx.181

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network obj-0.0.0.0

host 0.0.0.0

object network obj_any-01

subnet 0.0.0.0 0.0.0.0

object-group service DM_INLINE_TCP_1 tcp

port-object eq https

port-object eq www

access-list INTERN_nat0_outbound extended deny ip 172.16.0.0 255.255.0.0 any4

access-list WEB_access_in extended permit tcp any4 object OwnCloud object-group DM_INLINE_TCP_1 log debugging

pager lines 24

logging enable

logging asdm informational

mtu INTERN 1500

mtu WEB 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-711.bin

no asdm history enable

arp timeout 14400

no arp permit-nonconnected

!

object network OwnCloud

nat (INTERN,WEB) static EXTADR-181

object network obj_any

nat (INTERN,WEB) dynamic obj-0.0.0.0

object network obj_any-01

nat (management,WEB) dynamic obj-0.0.0.0

access-group WEB_access_in in interface WEB

route WEB 0.0.0.0 0.0.0.0 xx.xxx.xxx.177 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpool policy

telnet 192.168.1.160 255.255.255.255 management

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 172.16.7.1-172.16.7.254 INTERN

dhcpd dns 62.222.18.8 interface INTERN

dhcpd enable INTERN

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:0154e95b11502f7732d8ad41f44ffcba

: end


running-cfg from ASA 5505

-------------------------

: Saved

:

ASA Version 8.4(4)

!

hostname xxxxxxx

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

interface Vlan1

nameif INTERN

security-level 100

ip address 172.16.0.1 255.255.0.0

!

interface Vlan2

nameif WEB

security-level 0

ip address xx.xxx.xxx.178 255.255.255.240

!

ftp mode passive

object network owncloud

host 172.16.0.4

object network ext181

host xx.xxx.xxx.181

object-group service DM_INLINE_TCP_1 tcp

port-object eq www

port-object eq https

access-list WEB_access_in extended permit tcp any object owncloud object-group DM_INLINE_TCP_1

pager lines 24

mtu INTERN 1500

mtu WEB 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

!

object network cloud

nat (INTERN,WEB) static ext181

access-group WEB_access_in in interface WEB

route WEB 0.0.0.0 0.0.0.0 46.245.217.177 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication http console LOCAL

http server enable

http 172.16.0.100 255.255.255.255 INTERN

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh timeout 5

ssh key-exchange group dh-group1-sha1

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username xxxxxxx password 7JwaBTv0MbD7ctub encrypted privilege 15

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:7a4a1a1d8a636c5f91ab897d201e516f

: end

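Added example for this thread (not the poster's config and not a Cisco tool): a small lint over ASA 8.3+/9.x object NAT that cross-checks `object network` definitions against the `nat` rules and access-list references in a running-config. The two excerpts are constructed from the post: `BROKEN_5505` mirrors the posted 5505 config, where the static NAT rule hangs off an object named `cloud` that has no host while the host is defined under `owncloud`, and where no dynamic NAT/PAT rule exists at all; `FIXED_5505` is a hypothetical corrected version that assumes the intent was to publish `owncloud` on `ext181` and PAT everything else to the WEB interface address (`nat (INTERN,WEB) dynamic interface`, the equivalent of the 5510's dynamic rule to `obj-0.0.0.0`). The "no NAT rule publishes it" check is a heuristic that assumes objects named in an access-list are published servers, as in this thread.

```python
"""Lint an ASA 8.3+/9.x object-NAT configuration for the mistakes in the post.

Added example for this thread; it is not the poster's config and not a Cisco
tool. BROKEN_5505 is a constructed excerpt mirroring the posted 5505 config,
FIXED_5505 is a hypothetical corrected version (assumed intent: publish
owncloud on ext181 and PAT everything else to the WEB interface address).
"""
import re

BROKEN_5505 = """\
object network owncloud
 host 172.16.0.4
object network ext181
 host xx.xxx.xxx.181
access-list WEB_access_in extended permit tcp any object owncloud object-group DM_INLINE_TCP_1
object network cloud
 nat (INTERN,WEB) static ext181
access-group WEB_access_in in interface WEB
"""

FIXED_5505 = """\
object network owncloud
 host 172.16.0.4
object network ext181
 host xx.xxx.xxx.181
object network obj_any
 subnet 0.0.0.0 0.0.0.0
access-list WEB_access_in extended permit tcp any object owncloud object-group DM_INLINE_TCP_1
object network owncloud
 nat (INTERN,WEB) static ext181
object network obj_any
 nat (INTERN,WEB) dynamic interface
access-group WEB_access_in in interface WEB
"""

OBJ_HDR = re.compile(r"^object network (\S+)\s*$")
SUBCMD = re.compile(r"^\s*(host|subnet|range|nat|description)\b")
NAT_RULE = re.compile(r"^\s*nat \((\S+),(\S+)\) (static|dynamic) (\S+)")


def parse(config):
    """Return ({object name: {"addr": str|None, "nat": [rule tuples]}}, [ACL object refs]).

    'show run' prints each object twice on 8.3+: once with its address and once
    with its nat rule in the NAT section, so blocks are merged by name.
    """
    objects, acl_refs, current = {}, [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        m = OBJ_HDR.match(line)
        if m:
            current = objects.setdefault(m.group(1), {"addr": None, "nat": []})
            continue
        if current is not None and SUBCMD.match(line):
            words = line.split()
            if words[0] in ("host", "subnet", "range"):
                current["addr"] = " ".join(words)
            elif words[0] == "nat":
                n = NAT_RULE.match(line)
                if n:
                    current["nat"].append(n.groups())  # (real_if, mapped_if, kind, mapped)
            continue
        current = None  # any other top-level command closes the object block
        if line.startswith("access-list "):
            acl_refs += re.findall(r"\bobject (\S+)", line)  # 'object-group' does not match
    return objects, acl_refs


def lint(config):
    """Return a list of human-readable findings; an empty list means no defect found."""
    objects, acl_refs = parse(config)
    findings = []
    for name, obj in objects.items():
        for _real_if, _mapped_if, kind, mapped in obj["nat"]:
            if obj["addr"] is None:
                findings.append(f"object '{name}' has a nat rule but no host/subnet/range: "
                                "there is no real address to translate")
            if mapped != "interface" and objects.get(mapped, {}).get("addr") is None:
                findings.append(f"object '{name}': {kind} NAT maps to '{mapped}', which has no address")
    for name in acl_refs:
        obj = objects.get(name)
        if obj is None or obj["addr"] is None:
            findings.append(f"access-list references object '{name}', which has no address")
        elif not obj["nat"]:
            # Heuristic: assumes ACL-referenced objects are published servers.
            # 8.3+ ACLs match on real (untranslated) addresses, and the ASA only
            # answers ARP for a mapped address while a NAT rule publishes it.
            findings.append(f"access-list permits traffic to '{name}' but no NAT rule publishes it; "
                            "inbound packets to the mapped address are never translated to it")
    if not any(r[2] == "dynamic" for o in objects.values() for r in o["nat"]):
        findings.append("no dynamic NAT/PAT rule: hosts behind the inside interface leave "
                        "with private source addresses")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", BROKEN_5505), ("corrected", FIXED_5505)):
        print(f"== 5505 config {label} ==")
        for finding in lint(cfg) or ["no findings"]:
            print(" -", finding)
```

Run against the posted excerpt the lint reports three findings (NAT under the empty object `cloud`, `owncloud` referenced by the ACL but never published, no dynamic NAT/PAT); against the corrected excerpt it reports none. The parser accepts both indented and unindented subcommands, since forum extraction often strips the leading space that `show running-config` prints.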

1 Reply

blau grana
Level 7

Hello Karsten,

I would suggest moving your thread to [link below] and closing the discussion here.

https://supportforums.cisco.com/community/netpro/security/firewall

There are guys in the firewall section who have done this a billion times, and I am sure they will be happy to help you.

Best Regards

Please rate all helpful posts and close solved questions
