PIX 515E 8.0.3 to ASA 5520 8.0.3

Unanswered Question
Feb 2nd, 2008


I am upgrading my PIX 515e 8.0.3 os to ASA 5520 8.0.3 os with AIP-SSM module.

My pix 6 interface are been used and I am planning to use the subinterface with VLAN in ASA 5520.

Is their any particular issues I should take care off while migrating?

PIX is running in single mode, in ASA also I am planning to use single context, routed mode.

Please let me know how should I need to migrate and what all things should be taken care off?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
JORGE RODRIGUEZ Sat, 02/02/2008 - 16:55

You should be able to migrate with no issues since you are keeping the same routed mode, just keep in mind that if you are using a single interface on ASA to create your four networks from that of the quad card of the PIX you will need to used 802.1q and create your vlans in the switch, other than that you should face no problems by buidling your configuration on the new ASA.

If you need assistance let us know.



examples20001 Sun, 02/03/2008 - 05:11


Attached files are two plans which I am planning to do the migrate the structure.

Which plan will be good and easy to do the migration?

After migration is their any problem with any protocols with 8.0.3 OS in ASA like FTP, SMTP, etc?

How to setup the IPS module?

JORGE RODRIGUEZ Sun, 02/03/2008 - 13:20

Personally I would go with your Plan1 design as it provides redundancy for your DZMvlans and outside connected hosts on your 3750G switches, you are also trunking etherchanneling between the 3750Gs correct?, I do have similar design using Active-Standby 515Es still and currently looking to migreate to ASA just as you are.. As for the IPS I am anble to comment because I have not yet used it but I would assume you are using IPS on both firewalls ? I would let someone comment on the IPS portion ..

AS for issues with protocols such as FTP, SMTP on 8.03 I am not aware since it is a brand new code, your best bet would be to check bug database on code 8.03 to see what bugs have been reported so that you are prepare, that is what I do when I have migrated to to version 7.0 on PIX, checking the bug database gives you beter perspective on opened bugs that one should be awaye prior to migration.

go to bug tool kit and check the current opened bugs on 80.3 if any.





This Discussion