Solved

Cisco ASA upgrade to 8.3 is there a utility to run the config through to test the NAT changes?

Posted on 2011-02-22
7
5,645 Views
Last Modified: 2012-05-11
I'm running 8.2 on my ASAs now and I'd like to install 8.3, but I'm nervous about doing so with the new NAT changes.  Is there a utility that I can run my config through to see what the output will be when 8.3 reconfigures it and also if there will be any errors?  That would make me feel much better about the upgrade.
0
Comment
Question by:jpletcher1
  • 3
  • 2
  • 2
7 Comments
 
LVL 12

Accepted Solution

by:
Hilal1924 earned 125 total points
ID: 34952607
Hi IPLetcher:

I don't think you need to worry too much. The NAT-Control Command is no longer supported and neither is the global/translated IP for NAT. All you need to do is follow the below article and everything should turn out to be fine.

https://supportforums.cisco.com/docs/DOC-12690

There is a firewall migration tool avialable from cisco which is only available to Customers with valid CSO account. Try that if you have an account on Cisco.

Best Of Luck,

Hilal
0
 

Author Comment

by:jpletcher1
ID: 34952908
Thanks, I do have a Cisco account.  Can you send me the link to the tool?  Is it just a tool for PIX to ASA or Other Firewall to ASA migrations?  Or can you use it for seeing what would happen when upgrading from one Cisco IOS to a newer IOS?
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 125 total points
ID: 34952951
Please refer this page:

http://www.petenetlive.com/KB/Article/0000247.htm
If you upgrading ASA automatically convert the commands to the new image!
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:jpletcher1
ID: 34952987
I do understand that the upgrade will take care of the changes in syntax for me.  I do know though that there can be hangups during an upgrade if there are problems with the 8.3 upgrade not being able to fully translate.  So I was hoping to run my exising 8.2 config through a utility or something and see what the 8.3 output would be, and if there would be any errors.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34953023
I've found a problem:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/A_3938-ASA-8-2-to-8-3-nonat-migration-probem.html


If you feel there is a migration problem after hardware upgrade, view the errors with:
hostname# show startup-config errors
0
 
LVL 12

Expert Comment

by:Hilal1924
ID: 34953248
Yes I agree  the issues that you face while migrating can be only related with Nat Control and Object Model. While these errors do not bring down your configuration they can be very severe when trying to figure out where the problem is. So it is better to understand the new changes in ASA and then Migrating. And Also please follow the link that I posted in my first comment.
0
 

Author Closing Comment

by:jpletcher1
ID: 35039959
Thanks guys, I will go off the articles and keep my fingers crossed.  I have an active and standby unit, so it shouldn't be too risky to update one and see how it goes before I do the other.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OSPF - Convergence & Downtime 9 77
Cisco RV042G 4 18
Voice VLANs across Metro-E 4 38
Can VBS count the number of items in an array 8 54
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question