Migration from PIX to ASA with same DMZ

Unanswered Question
Oct 17th, 2007

How can I migrate from a PIX firewall to an ASA firewall using the same DMZ? I am doing this so there will be no changes to the IPs in the DMZ. I have tried to NAT the inbound DMZ of the ASA, which gives the ASA's IP address to internal DMZ servers. It works as long as there is not a load balancer, which we use. Anything behind the load balancer will send reply HTTPS packets to the ASA, but the ASA will drop them.


Your question isn't very clear. Are you doing a drop-in replacement of a PIX with an ASA? If so, that should be pretty simple given that you've duplicated the configuration on the old PIX to the ASA. If you're trying to do something like run both firewalls at the same time, then that's going to get complicated real quick.

kevin-dickey Thu, 10/18/2007 - 04:44

Yes, we are trying to run both at the same time. An easier idea would be to put multiple NICs in the DMZ servers and run two separate DMZs. Not an option, as I have walked into the situation. The company wants to test and slowly migrate to the new ASA firewall. Any ideas?

