
PIX 6.3 to ASA 5505 8.2

brentz
Level 1

We have an old PIX that is running 6.3 software. We would like to move the configuration to an ASA running 8.2 software. Is there an easy way to accomplish this without having to rekey all the commands? Is it possible to tftp the old config to the new ASA?

Thanks


6 Replies

Hey there,

First of all, this should be in the FW section and not the VPN section; this is not a VPN-related question.

However, if I were you I would start by upgrading my PIX to the latest 8.0.4 before I begin, to ensure that everything is migrated, especially if you have certificates and you want to export them, as exporting the certs is not supported on the PIX prior to the 8.0 release. However, if that is not needed, upgrading to the latest 7.2 will do you good ... Then I would go through this link and follow the procedure there:

- http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html

HTH,

Mo.

Thanks for the replies.  I appreciate the help.  The conversion tool looks like it will work great.

Patrick0711
Level 3

Assuming you are using pre-shared key authentication, everything should be interchangeable other than the isakmp key line, which is converted to an l2l type tunnel-group in 7.x+ code versions.

Thanks for the replies.  I appreciate the help.  The conversion tool looks like it will work great.

Marvin Rhoads
Hall of Fame

Cisco did put out a Pix-ASA conversion tool. Please see the Release Notes and then this link to download it.

I would advise, though, that this is a good time to clean up your Pix config. Validate all of your access-lists, NATs and VPNs. Clear out any of the unused stuff before moving it over to the ASA. Even if it's all good, validating and documenting it is a useful exercise.

Once you get it over, I'd move your ASA up to 8.4(3). Yes, the NAT syntax changes, but you'll need to do it sooner or later. Why not now?

Thanks for the replies.  I appreciate the help.  The conversion tool looks like it will work great.
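
An added example (not part of the thread, and not Cisco's conversion tool) covering the two concrete points in the replies above: the `isakmp key` to l2l `tunnel-group` change and the pre-migration cleanup of unused access-lists. The sample config, addresses, key strings and function names are constructed for illustration; the generated `tunnel-group` lines are the usual 7.x+ form and should be checked against the conversion tool's output.

```python
import re

# Constructed PIX 6.3 excerpt: documentation addresses, placeholder keys.
SAMPLE_PIX_63 = """\
access-list compiled
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list vpn_siteb permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list old_dmz permit ip any any
nat (inside) 0 access-list nonat
access-group outside_in in interface outside
crypto map outside_map 10 match address vpn_siteb
crypto map outside_map 10 set peer 198.51.100.2
isakmp key EXAMPLE-KEY-1 address 198.51.100.2 netmask 255.255.255.255
isakmp key EXAMPLE-KEY-2 address 0.0.0.0 netmask 0.0.0.0
"""

ISAKMP_KEY = re.compile(
    r"^isakmp key (\S+) address (\S+)(?: netmask (\S+))?", re.M)

def unused_acls(config):
    """ACL names defined but never named on a non-ACL line (review candidates)."""
    defined, referenced = [], set()
    for tok in filter(None, map(str.split, config.splitlines())):
        if tok[0] != "access-list":
            referenced.update(tok[1:])
        # "access-list compiled" is a global option, not an ACL name.
        elif len(tok) > 2 and tok[1] not in defined:
            defined.append(tok[1])
    return [name for name in defined if name not in referenced]

def convert_isakmp_keys(config):
    """Rewrite host-specific 'isakmp key' lines as l2l tunnel-group stanzas."""
    out = []
    for key, peer, mask in ISAKMP_KEY.findall(config):
        if mask not in ("", "255.255.255.255"):
            # A key shared by an address range has no single peer to name.
            out.append(f"! REVIEW: key for {peer} {mask} is not host-specific")
            continue
        out += [f"tunnel-group {peer} type ipsec-l2l",
                f"tunnel-group {peer} ipsec-attributes",
                f" pre-shared-key {key}"]
    return out

if __name__ == "__main__":
    print("Unreferenced ACLs:", unused_acls(SAMPLE_PIX_63))
    print("\n".join(convert_isakmp_keys(SAMPLE_PIX_63)))
```

Treat the ACL list as candidates for review rather than a delete list: a name counts as referenced if it appears on any line that is not an `access-list` line.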