Moving Ipsec conf. form PIX to ASA

Answered Question
Jul 2nd, 2007

Hi.I have one quick question.I have a PIX configured with Ipsec configuration but we have now upgraded to an ASA.

Can I just copy paste the configuration from PIX to ASA(all the crypto and isakmp commands) or do I have to change some commands for it to work?

ASA uses the same addresses that PIX used in its configuration.

I have this problem too.
0 votes
Correct Answer by gargravarr about 9 years 6 months ago

"isakmp key"" command is replaced with tunnel-group"

use :-

tunnel-group xx.xx.xx.xx type ipsec-l2l

tunnel-group xx.xx.xx.xx ipsec-attributes

pre-shared-key "isakmp key"

where xx.xx.xx.xx is the address of the peer.

isakmp policy are replced with

crypto isakmp policy "number"

authentication

encryption

hash

group

lifetime

Hope this helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
johnd2310 Mon, 07/02/2007 - 20:34

Hi,

What version is the pix running and what version is the asa running.

regards

John

IgorHamzic Mon, 07/02/2007 - 23:29

PIX is running version 6.3(5) and ASA is running version 7.0(6).

Correct Answer
gargravarr Wed, 07/04/2007 - 03:12

"isakmp key"" command is replaced with tunnel-group"

use :-

tunnel-group xx.xx.xx.xx type ipsec-l2l

tunnel-group xx.xx.xx.xx ipsec-attributes

pre-shared-key "isakmp key"

where xx.xx.xx.xx is the address of the peer.

isakmp policy are replced with

crypto isakmp policy "number"

authentication

encryption

hash

group

lifetime

Hope this helps.

IgorHamzic Wed, 07/04/2007 - 11:15

Thanks for all your help.It helped me configure it ASA without problem.

Actions

This Discussion