Solved

Migrate Cisco ASA 5510 and 5515 K9?

Posted on 2016-11-04
12
58 Views
Last Modified: 2016-11-10
Hello experts,

We currently have a Cisco ASA 5510 and just purchased a 5515 k9.  Is there a easy way to import in our configuration from the first to the new one and also are these two able to be clustered?

Thank you,

Karen
0
Comment
Question by:klsphotos
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 125 total points
ID: 41874617
The difference varies between releases.

What version (show version) are you running on each?
0
 
LVL 13

Accepted Solution

by:
SIM50 earned 250 total points
ID: 41874728
If version is 8.4+, you can copy and paste the config into the new device.
For failover cluster, devices need to be the same.
0
 
LVL 9

Assisted Solution

by:Cheever000
Cheever000 earned 125 total points
ID: 41874746
As SIM said, if the version is 8.4 + you can copy past, just change the name of the interfaces to match the Gig on the 15. you could do a find replace.
0
 

Author Comment

by:klsphotos
ID: 41874758
Thank you everyone.  I honestly think it's version 7 something, I would have to look, does that mean we have to upgrade it before copying the config over?  I honestly do not want to re-configure eveyrthing we have in the first one by hand......that would be a nightmare.

Guess I can't back it up and import it in?

Karen
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41874764
No, and you don't want to.  Better to copy and modify the configuration for the new release.
0
 
LVL 9

Expert Comment

by:Cheever000
ID: 41874767
If you are running 7, there are massive changes between that and the 9 code that the 5515 is running.  Best bet here is to rebuild the configuration clean and new.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Expert Comment

by:SIM50
ID: 41874775
Guess I can't back it up and import it in?

You can't import a config from one ASA to another ASA.

Technically, you can try to upgrade and let ASA do the conversion. If you are running 7.0 code than most likely your ASA has 256MB of RAM and you need 1GB for 8.3.

EDIT: You would have to follow the upgrade path, you wouldn't be able to go straight to 9.x version from 7.x.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 41875358
It you are versson 7 I'd rebuild it fresh, as pointed out above even post 8.3 you would need to change the physical interface names as the new firewall will have gigabit ports.

If you use certificates you will also need to export the cert and import it onto the new firewall, though if you have a decent cert vendor they will reissue a set to save you the bother!

TO EXPORT
ASDM
Configuration > Device Management > Certificate Management > Identity Certificates > Select the certificate > Export > Choose a location and a 'pass-phrase'.
CLI
crypto ca export {trust-point-name} pkcs12 {password}

TO IMPORT
ASDM

Configuration > Device Management > Certificate Management > Identity Certificates > Add > Use the same Trustpoint name as the source firewall > Browse the file you exported earlier > Enter the passphrase > Add Certificate.
CLI
crypto ca import {trust-point-name} pkcs12 {password}


If you build it beside the ASA5510 then you can test by simply swapping the cables over, if you do this, then make sure the routers/switches directly connected, you know how to flush the ARP/MAC cache on them.

You could of course update the ASA5510 to version 8.3 (there are memory limitations to doing this,) but you only really want to update the config, so it will just honk and error when it reboots - the config will get updated, this is a little riskier, but if you have a weekends worth of downtime you could always downgrade and restore the config again if it explodes! If you go down that route, issue a "no nat-control' command first and make sure you know what all your NAT rules are doing - (I had one update my nat rules backwards once?)

P
0
 

Author Comment

by:klsphotos
ID: 41877598
Thank you everyone.  I have confirmed it is version 7 we are running now.  I have never done this before so it looks like I do not have any choice but to set it up from scratch with the same config?  The new one is so much bigger than our old one.  

I'm overjoyed
1
 

Author Comment

by:klsphotos
ID: 41882799
HI everyone, not sure if I should open up a new ticket but I just found out the ASA version of the new device is 9.2 and our current version is 8.2, should I still do it manually or could I copy the config?

Thank you
0
 
LVL 13

Expert Comment

by:SIM50
ID: 41882805
Manually. The big changes come in 8.3.
0
 
LVL 13

Expert Comment

by:SIM50
ID: 41882809
Alternatively, you can downgrade the new ASA to 8.2, copy and paste config then upgrade to 8.3. Verify and clean up config if necessary and then continue upgrading to 9.6.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now