PIX to ASA conversion / DNS problems


I'm migrating from a PIX 525 to an ASA 5520 failover pair. Both firewalls are at 7.0.7 code. At cutover time, configuration commands were copied from the PIX to the ASA with adjustments made to interface names, as well as speed/duplex of interfaces to keep all aspects the same. All switch port interfaces remained the same. Internet access with the PIX inline works fine; DNS resolves names properly. When the ASAs are brought inline, Internet access fails. ARP caches were cleared on the ASAs and Ethernet switches. Are there any known conversion commands and/or debug commands that can be used to isolate the problem with the ASAs being inline versus the PIXes being inline?

srue Thu, 05/29/2008 - 11:02

By inline, do you just mean live?

How much time do you give the ASAs before you take them back offline?

Did you configure all of the proper failover commands on the new ASAs?

Have you cleared the ARP caches (or given them time to clear) on all other directly connected network devices?

cisco24x7 Thu, 05/29/2008 - 11:35


Did you pass the Security lab? Share the good news, my friend?

