Moving Ipsec conf. form PIX to ASA

Answered Question
Jul 2nd, 2007
User Badges:

Hi.I have one quick question.I have a PIX configured with Ipsec configuration but we have now upgraded to an ASA.

Can I just copy paste the configuration from PIX to ASA(all the crypto and isakmp commands) or do I have to change some commands for it to work?

ASA uses the same addresses that PIX used in its configuration.

Correct Answer by gargravarr about 10 years 2 weeks ago

"isakmp key"" command is replaced with tunnel-group"

use :-

tunnel-group xx.xx.xx.xx type ipsec-l2l

tunnel-group xx.xx.xx.xx ipsec-attributes

pre-shared-key "isakmp key"

where xx.xx.xx.xx is the address of the peer.

isakmp policy are replced with

crypto isakmp policy "number"

authentication

encryption

hash

group

lifetime


Hope this helps.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
johnd2310 Mon, 07/02/2007 - 20:34
User Badges:
  • Silver, 250 points or more

Hi,


What version is the pix running and what version is the asa running.


regards

John

IgorHamzic Mon, 07/02/2007 - 23:29
User Badges:

PIX is running version 6.3(5) and ASA is running version 7.0(6).

Correct Answer
gargravarr Wed, 07/04/2007 - 03:12
User Badges:

"isakmp key"" command is replaced with tunnel-group"

use :-

tunnel-group xx.xx.xx.xx type ipsec-l2l

tunnel-group xx.xx.xx.xx ipsec-attributes

pre-shared-key "isakmp key"

where xx.xx.xx.xx is the address of the peer.

isakmp policy are replced with

crypto isakmp policy "number"

authentication

encryption

hash

group

lifetime


Hope this helps.


IgorHamzic Wed, 07/04/2007 - 11:15
User Badges:

Thanks for all your help.It helped me configure it ASA without problem.

Actions

This Discussion