06-14-2018 06:49 PM - edited 03-12-2019 05:22 AM
A few questions: we have an ASA 5516x that we got replaced due to the clock issue. I've got the licenses moved to the new one so that part is done. But my next question is if I take the SSD out of the old unit and put it in the new unit will the config move over or should I copy and paste the config from the old one to the new one via cmd line?
Either way of doing that, will I need to create a new CSR and get a new SSL cert for the VPN as well?
Thank you
06-14-2018 11:39 PM
The configuration is saved on disk0 (internal flash memory), not the SSD. So you will have to restore the configuration from the old unit.
The SSL certificate can be backed up and transferred if you also move the private key but it's often easier to just create a new CSR and have your CA reissue a new certificate.
If you were using the Firepower service module you will have to reconfigure it on the new appliance and re-register and apply policies to it.
06-15-2018 07:15 AM
Thank you for the reply. I did a backup using ASDM then copied the zip file to the new ASA using the ASDM restore feature. It shows the certificates; would it have got the private key as well, do you think, or is there any way to check before I put this in production?
Thank you for the help!
06-15-2018 09:49 PM
If you did a full backup it would include the identity certificate and associated preshared key munged into a PKCS12 file.
You can restore it to the target appliance and connect to it directly using an Ethernet cable from your computer to the outside interface. Manually set your address to be the ASA's outside gateway address and create a host file entry for the VPN portal (e.g. the ASA outside address). Browse to the portal and make sure you don't get any certificate warnings.
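The browser check described in the last reply can also be scripted. This is an added example, not part of the original thread: it connects to the ASA's IP while presenting the portal name (the same effect as the hosts file entry) and validates the chain and hostname; a completed handshake also shows the appliance holds the private key for the certificate it presents. The function names, `192.0.2.1` and `vpn.example.com` are placeholders.

```python
import socket
import ssl
from datetime import datetime, timezone


def summarize_cert(cert, now=None):
    """Summarize the dict returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    # subject is a tuple of RDNs, each a tuple of (key, value) pairs
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {
        "common_name": subject.get("commonName"),
        "dns_names": dns_names,
        "days_left": (expires - now).days,
    }


def check_portal(asa_ip, portal_name, port=443, timeout=5.0):
    """Handshake with asa_ip while verifying the certificate for portal_name."""
    ctx = ssl.create_default_context()  # system CA store, hostname check on
    try:
        with socket.create_connection((asa_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=portal_name) as tls:
                result = {"ok": True, "tls_version": tls.version()}
                result.update(summarize_cert(tls.getpeercert()))
                return result
    except ssl.SSLCertVerificationError as exc:
        # Same conditions that would produce a browser certificate warning
        return {"ok": False, "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Handshake or connection failure (protocol mismatch, port closed, ...)
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    # Placeholder values: replace with the ASA outside address and portal FQDN
    print(check_portal("192.0.2.1", "vpn.example.com"))
```

An `ok: False` result with a verification message means the restored certificate would also trigger a warning in the browser test.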