platys
asked on
How to upgrade the Cisco ASA 5505 to 5540
Hi Friends,
We have Cisco ASA 5505 firewall and its in operational but now I want to replace it with Cisco 5540 but most of the command is not working on CIsco 5540 , I want same configuration on Cisco 5540 which is existing on CIsco 5505. can anyone please help me
Regards
Vikrant
We have Cisco ASA 5505 firewall and its in operational but now I want to replace it with Cisco 5540 but most of the command is not working on CIsco 5540 , I want same configuration on Cisco 5540 which is existing on CIsco 5505. can anyone please help me
Regards
Vikrant
Don Johnston
What IOS version are you running on the 5505 and what version on the 5540? I suspect that's the source of your issues.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Thanks for responce, version as below
ASA 5505
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)
ASA 5540
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 7.2(1)
Thanks for responce, version as below
ASA 5505
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)
ASA 5540
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 7.2(1)
ASKER
Hi Ralph,
Thanks for Responding, Below is my interface configuration of 5505 and Now same I want on 5540 but I am unable to create VLAN on 5540 and its saying invalid if i copy paste the same Please help me
interface Ethernet0/0
description uplink from switch
speed 100
duplex full
!
interface Ethernet0/1
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/2
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/3
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif outside
security-level 0
ip address 180.149.246.31 255.255.255.0
!
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
Thanks for Responding, Below is my interface configuration of 5505 and Now same I want on 5540 but I am unable to create VLAN on 5540 and its saying invalid if i copy paste the same Please help me
interface Ethernet0/0
description uplink from switch
speed 100
duplex full
!
interface Ethernet0/1
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/2
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/3
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif outside
security-level 0
ip address 180.149.246.31 255.255.255.0
!
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
Hi,
it is because the logic is different ! On 5505 you map vlan on asa5505 switch interfaces, because it is right a switch.
On 5540 the ports are not switchports, but they are really ethernet ports.
So you do not need to define VLANs.
your config on 5540 will turn into:
interface Ethernet0/0
description uplink from switch
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
nameif outside
security-level 0
ip address 180.149.246.31 255.255.255.0
speed 100
duplex full
!
and you will plug your internal switch to ASA5540 port 0
and your internet router to ASA5540 port 1
hope this helps
max
it is because the logic is different ! On 5505 you map vlan on asa5505 switch interfaces, because it is right a switch.
On 5540 the ports are not switchports, but they are really ethernet ports.
So you do not need to define VLANs.
your config on 5540 will turn into:
interface Ethernet0/0
description uplink from switch
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
nameif outside
security-level 0
ip address 180.149.246.31 255.255.255.0
speed 100
duplex full
!
and you will plug your internal switch to ASA5540 port 0
and your internet router to ASA5540 port 1
hope this helps
max
Just a minor correction (I think, as I only have an ASA 5515 to refer to, not a 5540), but the interfaces might be "interface GigabitEthernet 0/0" and 0/1, and also check the capabilities of the connecting devices as you may not require the speed 100 command, or want to it set to "speed 1000" instead.
ASKER
Hi Friends,
Just one question now, I want to configure Vlan as below and it shd be for 0/0, 0/2, 0/3
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
Please suggest does I need to create subinterface ?
Just one question now, I want to configure Vlan as below and it shd be for 0/0, 0/2, 0/3
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
Please suggest does I need to create subinterface ?
You can't have an interface spread across multiple physical interfaces. If you need to plug in multiple devices to an interface you need a switch.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Same vlan cannot be used over all interfaces