[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 938
  • Last Modified:

Migration from Cisco PIX515 6.3(5) to Cisco ASA 5510 7.0 (7)

I'm getting ready to replace my PIX515 with an ASA 5510 and I was wondering if there is a better method than the Cisco documentation for upgrading the configuration. Ideally I would like to load the 515 configuration into the 5510. Any advice would be greatly appreciated. Thanks,
0
MISCorpIT
Asked:
MISCorpIT
  • 2
2 Solutions
 
Pete LongConsultantCommented:
There a re quite e few different config differences between version 6 and version 7 don't go and load the pix config on a new ASA it will error and your VPN's will break.

I suggest you upgrade the PIX from v6 to v7

PIX 500 Security Appliance 6.x to 7.x Software Upgrade Procedure PIX 500 Security Appliance 6.x to 7.x Software Upgrade Procedure
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml

And Id also upgrade the ASA to at least version 7.2(2) the earlier versions are very buggy, see my site here
http://www.petenetlive.com/Tech/Firewalls/Cisco/updateasacli.htm

Even then the configs would be slightly different as pix and asa have subtle differences - but then you could run them side by side and slowly migrate the config from one to another - whenever I replace a firewall I like to start from scratch cause you can bet the old one has a load of config thats no longer needed - or is redundant :)

Pete

0
 
lrmooreCommented:
I agree with Pete's suggestion. You cannot in any way use the existing config of your PIX 515 on the new ASA. They are totally different formats.

You can upgrade the 515 to 7.0(x). The simple upgrade procedure will re-format and automatically convert your existing config. Then you can simply copy the config to the ASA. Then you have the option to update the ASA OS. 8.0 is pretty slick with lots of new features and a really nice GUI... you have to be careful, though because Cisco keeps taking out/putting back/taking out support for things like PPTP/L2TP VPN.
0
 
Pete LongConsultantCommented:
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now