Solved

Transfer Configuration from ASA 5505

Posted on 2008-10-27
2
1,522 Views
Last Modified: 2012-05-05
I have a vexing problem.

My client is upgrading from a Cisco ASA 5505 to an ASA 5510 Security Plus unit. We don't want to type all of the commands over again so we backed up the running config from the 5505 using TFTP and Hyperterminal. Here's where the problem starts.
Upon copying the config to the 5510, a number of error messages occur. The 5510 unit featues a management port along with a different setup on the eth 0/x ports. The 5505 is running version 7.2(3). The 5510 is running version 7.0(7).
Should'nt this be a simple transfer of configuraitons?  If not, why not?
What must be done as far as transferring the configuration.
Thanks in advance!
0
Comment
Question by:terrytusvi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 22818200
The only difference is the interface numbering

5505 has something like this
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 180.10.1.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xxx.x09.99 255.255.255.0
!
interface Vlan3
 nameif DMZ
 security-level 50
 ip address 10.10.10.254 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 3
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 3
!

Replace that section only with appropriate 5510 config:

!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address xxx.xxx.x09.99 255.255.2550
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.99.1 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.100.1 255.255.255.0  
!
0
 
LVL 6

Accepted Solution

by:
clearacid earned 250 total points
ID: 22819190
The ASA 5505 is a small soho firewall - basically it's a switch doing intervlan routing......  That's the way I see it....

The ASA5510 is more of a small business / medium business gateway firewall - their interfaces are different.

The ASA5505 you name interfaces vlans....  The ASA5510 you name interfaces by interface number

Make sense?  

So if you have a NAT tied to lets say interface vlan 1 on the ASA - and your outside interface is eth0 on the ASA5510 - you need to rename vlan 1 to eth0.

I would dump the config in a text file and just do a find / replace for interface vlan X with the interface you want to nameif on the 5510.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question