Solved: Re: ASA Config file question

scolivan · ‎11-15-2019

Hello,

I wanted to see if it was possible to use a config file from one ASA, a 5545 in this case, on a different one that's intended to be used in a lab environment. The second ASA is a 5508 in this case.

Secondly, is it possible to edit a config before restoring it to the secondary appliance? I'm fairly new to this, and I don't mind doing it bit by bit, but there's a lot of objects and rules to recreate.

Rob Ingram · ‎11-18-2019

I guess it depends on your current ASA code version, if 8.2 or lower the syntax changed considerably. From memory older versions used to reference isakmp, but on newer code it is isakmp is now ikev1. Interface numbering may have changed if different hardware.

Yes, I would copy sections - objects, ACL, interfaces, routing, crypto etc and ensure there were no import errors.

HTH

View solution in original post

Rob Ingram · ‎11-15-2019

Hi,

Yes you can copy configuration from one ASA to another. You should try to ensure the ASA code is similar on the 5508 to the 5545 as some syntax may have changed, but in the main you should be ok.

Yes you can edit the configuration, you will just be copying and pasting, so you can edit object names, ACLs, interfaces etc.

HTH

scolivan · ‎11-15-2019

Hi RJI,

That's good to know. In this case the 5508 is basically a fresh set up, but how exactly will I go about doing this? Is there a utility I can use? Does it have to be via CLI or can I do so via GUI with ASDM itself? Is there a program required to edit the config or can it just be done via any word processing program?

Rob Ingram · ‎11-16-2019

Hi,
Normally when migrating between ASAs I would export the current running configuration, edit in notepad and just copy and paste to the new ASA. In notepad you can easily make any modifications necessary before applying to the new ASA.

HTH

scolivan · ‎11-18-2019

Sorry, one bit I wanted to clarify:

In this case where you mention copying between ASAs, is it possible that I could do so via the import/restore feature within the ASDM application?

Rob Ingram · ‎11-18-2019

I never use the ASDM, I prefer the CLI, but I see no reason why you could not import via ASDM. You should be careful though if the ASA firmware is different, the syntax may have changed between versions for some of the commands or interfaces maybe different - this may cause the import to fail.

I would personally copy and paste only the sections required rather than imported the entire config.

scolivan · ‎11-18-2019

That's an excellent point. As I've been looking at the steps that would be needed I've found they're differing versions of firmware.

I'll try and copy the pieces I need to speed things up instead. Is any special syntax needed in those cases or can I just copy an entire section for say, network objects or access lists, and paste it into the other ASA so long as it's in config mode?

Rob Ingram · ‎11-18-2019

I guess it depends on your current ASA code version, if 8.2 or lower the syntax changed considerably. From memory older versions used to reference isakmp, but on newer code it is isakmp is now ikev1. Interface numbering may have changed if different hardware.

Yes, I would copy sections - objects, ACL, interfaces, routing, crypto etc and ensure there were no import errors.

HTH

scolivan · ‎11-18-2019

Neither is on 8.2. I'll try and see if it works. Thank you very much for the insight, RJI.