cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2744
Views
0
Helpful
3
Replies

Copy Config to Another ASA

laurabolda
Level 1
Level 1

We have setup a Remote Access VPN, using Cisco VPN client in our test environment.  Everything is working properly.  We were able to login to Cisco VPN client and access the internal resources.  However, we want to copy the same config to another ASA.  We want to use the same group policies, same tunnel groups, etc.  We only need to change the IP address of the Outside interface and the default gateway of the Outside interface. Another word, we want to keep everything the same.  If we copy the same config to another ASA (production), do we need to change anything else?   Thanks.

3 Accepted Solutions

Accepted Solutions

Jitendriya Athavale
Cisco Employee
Cisco Employee

well yeah the nat rules, here is a small tip

get all the config and open it in a notepad, do a find for the public ip or public ip network and this will tell you what to replace

View solution in original post

i use an app called ConText (Freeware) for editing ASA/PIX configs, its awesome when you load in the free highlighter package for Cisco devices, its a must if you are manually editing configs in my opinion.

http://www.contexteditor.org/

If i remember from memory it is probably worth also removing all the certificate information that gets generated by the device when you enable encryption.

View solution in original post

b.julin
Level 3
Level 3

Don't forget to change the management address, otherwise ugliness ensues as the two boxes compete for it.

View solution in original post

3 Replies 3

Jitendriya Athavale
Cisco Employee
Cisco Employee

well yeah the nat rules, here is a small tip

get all the config and open it in a notepad, do a find for the public ip or public ip network and this will tell you what to replace

i use an app called ConText (Freeware) for editing ASA/PIX configs, its awesome when you load in the free highlighter package for Cisco devices, its a must if you are manually editing configs in my opinion.

http://www.contexteditor.org/

If i remember from memory it is probably worth also removing all the certificate information that gets generated by the device when you enable encryption.

b.julin
Level 3
Level 3

Don't forget to change the management address, otherwise ugliness ensues as the two boxes compete for it.