07-02-2007 06:48 AM - edited 02-21-2020 03:08 PM
Hi.I have one quick question.I have a PIX configured with Ipsec configuration but we have now upgraded to an ASA.
Can I just copy paste the configuration from PIX to ASA(all the crypto and isakmp commands) or do I have to change some commands for it to work?
ASA uses the same addresses that PIX used in its configuration.
Solved! Go to Solution.
07-04-2007 03:12 AM
"isakmp key"" command is replaced with tunnel-group"
use :-
tunnel-group xx.xx.xx.xx type ipsec-l2l
tunnel-group xx.xx.xx.xx ipsec-attributes
pre-shared-key "isakmp key"
where xx.xx.xx.xx is the address of the peer.
isakmp policy are replced with
crypto isakmp policy "number"
authentication
encryption
hash
group
lifetime
Hope this helps.
07-02-2007 08:34 PM
Hi,
What version is the pix running and what version is the asa running.
regards
John
07-02-2007 11:29 PM
PIX is running version 6.3(5) and ASA is running version 7.0(6).
07-03-2007 05:12 AM
are you running isakmp pre shared keys or CA
07-03-2007 06:27 PM
Pre shared keys.
07-03-2007 10:03 PM
Hi,
You should be able to copy and paste some of the old config to the new box as most command are converted automatically. You might want to look at the following doc to review some of the commands you might need to configure manually:http://www.cisco.com/en/US/docs/security/asa/asa70/pix_upgrade/upgrade/guide/pixupgrd.html
Regards
John
07-04-2007 03:12 AM
"isakmp key"" command is replaced with tunnel-group"
use :-
tunnel-group xx.xx.xx.xx type ipsec-l2l
tunnel-group xx.xx.xx.xx ipsec-attributes
pre-shared-key "isakmp key"
where xx.xx.xx.xx is the address of the peer.
isakmp policy are replced with
crypto isakmp policy "number"
authentication
encryption
hash
group
lifetime
Hope this helps.
07-04-2007 11:15 AM
Thanks for all your help.It helped me configure it ASA without problem.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: