Solved

Migrate Cisco ASA 5510 and 5515 K9?

Posted on 2016-11-04
12
75 Views
Last Modified: 2016-11-10
Hello experts,

We currently have a Cisco ASA 5510 and just purchased a 5515 k9.  Is there a easy way to import in our configuration from the first to the new one and also are these two able to be clustered?

Thank you,

Karen
0
Comment
Question by:klsphotos
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 125 total points
ID: 41874617
The difference varies between releases.

What version (show version) are you running on each?
0
 
LVL 14

Accepted Solution

by:
SIM50 earned 250 total points
ID: 41874728
If version is 8.4+, you can copy and paste the config into the new device.
For failover cluster, devices need to be the same.
0
 
LVL 9

Assisted Solution

by:Cheever000
Cheever000 earned 125 total points
ID: 41874746
As SIM said, if the version is 8.4 + you can copy past, just change the name of the interfaces to match the Gig on the 15. you could do a find replace.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:klsphotos
ID: 41874758
Thank you everyone.  I honestly think it's version 7 something, I would have to look, does that mean we have to upgrade it before copying the config over?  I honestly do not want to re-configure eveyrthing we have in the first one by hand......that would be a nightmare.

Guess I can't back it up and import it in?

Karen
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41874764
No, and you don't want to.  Better to copy and modify the configuration for the new release.
0
 
LVL 9

Expert Comment

by:Cheever000
ID: 41874767
If you are running 7, there are massive changes between that and the 9 code that the 5515 is running.  Best bet here is to rebuild the configuration clean and new.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41874775
Guess I can't back it up and import it in?

You can't import a config from one ASA to another ASA.

Technically, you can try to upgrade and let ASA do the conversion. If you are running 7.0 code than most likely your ASA has 256MB of RAM and you need 1GB for 8.3.

EDIT: You would have to follow the upgrade path, you wouldn't be able to go straight to 9.x version from 7.x.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 41875358
It you are versson 7 I'd rebuild it fresh, as pointed out above even post 8.3 you would need to change the physical interface names as the new firewall will have gigabit ports.

If you use certificates you will also need to export the cert and import it onto the new firewall, though if you have a decent cert vendor they will reissue a set to save you the bother!

TO EXPORT
ASDM
Configuration > Device Management > Certificate Management > Identity Certificates > Select the certificate > Export > Choose a location and a 'pass-phrase'.
CLI
crypto ca export {trust-point-name} pkcs12 {password}

TO IMPORT
ASDM

Configuration > Device Management > Certificate Management > Identity Certificates > Add > Use the same Trustpoint name as the source firewall > Browse the file you exported earlier > Enter the passphrase > Add Certificate.
CLI
crypto ca import {trust-point-name} pkcs12 {password}


If you build it beside the ASA5510 then you can test by simply swapping the cables over, if you do this, then make sure the routers/switches directly connected, you know how to flush the ARP/MAC cache on them.

You could of course update the ASA5510 to version 8.3 (there are memory limitations to doing this,) but you only really want to update the config, so it will just honk and error when it reboots - the config will get updated, this is a little riskier, but if you have a weekends worth of downtime you could always downgrade and restore the config again if it explodes! If you go down that route, issue a "no nat-control' command first and make sure you know what all your NAT rules are doing - (I had one update my nat rules backwards once?)

P
0
 

Author Comment

by:klsphotos
ID: 41877598
Thank you everyone.  I have confirmed it is version 7 we are running now.  I have never done this before so it looks like I do not have any choice but to set it up from scratch with the same config?  The new one is so much bigger than our old one.  

I'm overjoyed
1
 

Author Comment

by:klsphotos
ID: 41882799
HI everyone, not sure if I should open up a new ticket but I just found out the ASA version of the new device is 9.2 and our current version is 8.2, should I still do it manually or could I copy the config?

Thank you
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41882805
Manually. The big changes come in 8.3.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41882809
Alternatively, you can downgrade the new ASA to 8.2, copy and paste config then upgrade to 8.3. Verify and clean up config if necessary and then continue upgrading to 9.6.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question