Solved

Migrate Cisco ASA 5510 and 5515 K9?

Posted on 2016-11-04
12
114 Views
Last Modified: 2016-11-10
Hello experts,

We currently have a Cisco ASA 5510 and just purchased a 5515 k9.  Is there a easy way to import in our configuration from the first to the new one and also are these two able to be clustered?

Thank you,

Karen
0
Comment
Question by:klsphotos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 125 total points
ID: 41874617
The difference varies between releases.

What version (show version) are you running on each?
0
 
LVL 14

Accepted Solution

by:
SIM50 earned 250 total points
ID: 41874728
If version is 8.4+, you can copy and paste the config into the new device.
For failover cluster, devices need to be the same.
0
 
LVL 9

Assisted Solution

by:Cheever000
Cheever000 earned 125 total points
ID: 41874746
As SIM said, if the version is 8.4 + you can copy past, just change the name of the interfaces to match the Gig on the 15. you could do a find replace.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:klsphotos
ID: 41874758
Thank you everyone.  I honestly think it's version 7 something, I would have to look, does that mean we have to upgrade it before copying the config over?  I honestly do not want to re-configure eveyrthing we have in the first one by hand......that would be a nightmare.

Guess I can't back it up and import it in?

Karen
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41874764
No, and you don't want to.  Better to copy and modify the configuration for the new release.
0
 
LVL 9

Expert Comment

by:Cheever000
ID: 41874767
If you are running 7, there are massive changes between that and the 9 code that the 5515 is running.  Best bet here is to rebuild the configuration clean and new.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41874775
Guess I can't back it up and import it in?

You can't import a config from one ASA to another ASA.

Technically, you can try to upgrade and let ASA do the conversion. If you are running 7.0 code than most likely your ASA has 256MB of RAM and you need 1GB for 8.3.

EDIT: You would have to follow the upgrade path, you wouldn't be able to go straight to 9.x version from 7.x.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 41875358
It you are versson 7 I'd rebuild it fresh, as pointed out above even post 8.3 you would need to change the physical interface names as the new firewall will have gigabit ports.

If you use certificates you will also need to export the cert and import it onto the new firewall, though if you have a decent cert vendor they will reissue a set to save you the bother!

TO EXPORT
ASDM
Configuration > Device Management > Certificate Management > Identity Certificates > Select the certificate > Export > Choose a location and a 'pass-phrase'.
CLI
crypto ca export {trust-point-name} pkcs12 {password}

TO IMPORT
ASDM

Configuration > Device Management > Certificate Management > Identity Certificates > Add > Use the same Trustpoint name as the source firewall > Browse the file you exported earlier > Enter the passphrase > Add Certificate.
CLI
crypto ca import {trust-point-name} pkcs12 {password}


If you build it beside the ASA5510 then you can test by simply swapping the cables over, if you do this, then make sure the routers/switches directly connected, you know how to flush the ARP/MAC cache on them.

You could of course update the ASA5510 to version 8.3 (there are memory limitations to doing this,) but you only really want to update the config, so it will just honk and error when it reboots - the config will get updated, this is a little riskier, but if you have a weekends worth of downtime you could always downgrade and restore the config again if it explodes! If you go down that route, issue a "no nat-control' command first and make sure you know what all your NAT rules are doing - (I had one update my nat rules backwards once?)

P
0
 

Author Comment

by:klsphotos
ID: 41877598
Thank you everyone.  I have confirmed it is version 7 we are running now.  I have never done this before so it looks like I do not have any choice but to set it up from scratch with the same config?  The new one is so much bigger than our old one.  

I'm overjoyed
1
 

Author Comment

by:klsphotos
ID: 41882799
HI everyone, not sure if I should open up a new ticket but I just found out the ASA version of the new device is 9.2 and our current version is 8.2, should I still do it manually or could I copy the config?

Thank you
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41882805
Manually. The big changes come in 8.3.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41882809
Alternatively, you can downgrade the new ASA to 8.2, copy and paste config then upgrade to 8.3. Verify and clean up config if necessary and then continue upgrading to 9.6.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question