copy config from asa5520 to asa5510

Unanswered Question
Jul 16th, 2009

I have an ASA5520 acting as the main firewall, and an ASA5510 acting as the backup firewall. If and when the 5520 goes down, I can turn it off and power up the 5510. (Failover is not set up since the 5510 does not support it.)

Question:

Aside from the obvious differences in interface names (e.g. on the 5520, it's called FastEthernet, but on the 5510, it's called Ethernet), can I simply take the config from the 5520, modify it so the 5510 will understand it (like replacing FastEthernet with Ethernet in the config), then TFTP the modified config to the 5510?

Will all the passwords continue to work?

Collin Clark Fri, 07/17/2009 - 05:03

You will need to re-enter the clear text passwords, radius keys, ssh keys, etc. You can open the 5520 config, put the passwords in the correct place and save the file. Then copy tftp and enter copy flash:/config-file running. This will add all the commands in the file to the running config. No matter what though, you will have to generate new SSH keys.

Hope that helps.

tachyon05 Mon, 07/20/2009 - 11:32

Actually, I found out that I do not need to re-enter passwords. Simply replacing the interface names and TFTPing the config will work.
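A sketch of the edit-and-review step discussed in the posts above, added here as an example and not posted by any participant in the thread: it renames the interfaces and lists the lines where a secret or key may need attention after the copy. The sample config is constructed, and the script assumes that masked secrets export as a run of asterisks and that hashed passwords are followed by the keyword "encrypted".

```python
import re

# Interface prefixes on the source and target units, as named in the question.
SRC_PREFIX, DST_PREFIX = "FastEthernet", "Ethernet"

# Assumption: a secret the device masks on export appears as asterisks.
MASKED = re.compile(r"\b(key|pre-shared-key|password)\s+\*+\s*$")
# Assumption: hashed local passwords are followed by the keyword "encrypted".
HASHED = re.compile(r"\b(password|passwd)\s+\S+\s+encrypted\b")

# Constructed sample export; hashes and addresses are placeholders.
SAMPLE = """\
enable password EXAMPLEHASH00000 encrypted
interface FastEthernet0/0
 nameif outside
interface FastEthernet0/1
 nameif inside
aaa-server RAD (inside) host 192.0.2.10
 key *****
username admin password EXAMPLEHASH11111 encrypted privilege 15
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key *
ssh 192.0.2.0 255.255.255.0 inside
"""


def port_config(text):
    """Return (rewritten_config, findings) for a config taken from the source unit."""
    out, findings = [], []
    for n, line in enumerate(text.splitlines(), 1):
        # Rename whole interface tokens only (FastEthernet0/1), not substrings.
        new = re.sub(rf"(?<![A-Za-z]){SRC_PREFIX}(?=\d)", DST_PREFIX, line)
        if new != line:
            findings.append((n, "renamed"))
        if MASKED.search(new):
            findings.append((n, "masked-secret"))    # value is not in the file
        elif HASHED.search(new):
            findings.append((n, "hashed-password"))  # hash travels with the file
        if new.startswith("ssh "):
            findings.append((n, "ssh-keypair"))      # key pair is per device
        out.append(new)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    config, notes = port_config(SAMPLE)
    print(config)
    for lineno, kind in notes:
        print(f"line {lineno}: {kind}")
```

Lines reported as masked-secret are the ones to fill in by hand before loading the file; test a login on the target unit before relying on it as the backup.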

pdesch Mon, 07/20/2009 - 06:50

In case you weren't aware, the ASA 5510 does support failover with a Security Plus license.

tachyon05 Mon, 07/20/2009 - 11:31

Yes, we have the Security Plus license installed on the 5510. However, our main ASA is a 5520. My understanding is that failover, regardless of A/A or A/S, only works on 2 identical pieces of hardware. Can I set up failover between my 5510 and 5520?

Collin Clark Mon, 07/20/2009 - 11:33

No you can't.

The two units in a failover configuration must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM.
