queries regarding new ASA

Unanswered Question
Jun 10th, 2010
User Badges:
  • Blue, 1500 points or more

Hi,


I have PIX 515e, 128MB/16MB, 8.0(4)/6.1(5)51. I just bought ASA 5510 Security Plus (post 8.3)


Problem 1 - ASA 5510 Security Plus, 1GB/256MB, 8.2(1)/6.2(1)

No problem loading config from PIX 515e

- However, I noticed that working in ASDM is slow compare to PIX 515e. Any explanation about this?


Problem 2 - ASA 5510 Security Plus, 1GB/256MB, 8.3(1)/6.3(1)

Upgrading 8.2(1)/6.2(1) to 8.3(1)/6.3(1) have the following problems

- A lot of errors during loading in the CLI

- Some configuration is missing in ASDM


Is there a tool to convert the config from 8.2(1)/6.2(1) to 8.3(1)/6.3(1)? The conversion when I first reboot the firewall after loading 8.3(1)/6.3(1) doesn't seem to work as some configuration is missing in ASDM and everytime the device rebooted, a lot of errors generated in the CLI.


TIA

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David White Mon, 06/14/2010 - 20:15
User Badges:
  • Cisco Employee,

When you say "Working in ASDM is slow", I assume you mean changing between panels?  Or adding new config?  But not the actual deployment of the config to the device, correct?  If so, the performance of ASDM is largely dependant on the type of device it is being run on.  However, I haven't heard of any complaints about it being slow.


Can you provide a couple of concrete examples?


As for the 8.2 to 8.3 upgrade - an automatic conversion happens.  The CLI will be migrated upon first boot of 8.3.  However, if you attempt to go back to 8.2 without issuing the 'downgrade' command, then you will end up with a non-functional config.


As for the messages at boot, are they Warnings or Errors?  It may be best for you to open a TAC case to work through all the issues.  Else, start pasting them here one-by-one so we can attempt to answer them.


Sincerely,


David.

Danilo Dy Thu, 06/24/2010 - 05:12
User Badges:
  • Blue, 1500 points or more

Hi David,


Thank you for your reply.


Regarding "ASDM Slow" its changing between panels. Less than 5 secs in PIX while more than 10 secs in new ASA. I'm using the same client PC and the network settings is hardcoded to 100Mbps/Full-duplex.


Regarding 8.2 to 8.3 upgrade, I noticed that it made a CLI migration which causes those warnings - I have not captured the errors so I can't be sure what are those. I also noticed that the rules are not shown in ASDM. A colleague experienced the same in another setup using ASA5540 a month ago (I found out after asking around).


I revert everything to 8.2 and reload the config from PIX, works fine (except that ASDM is a bit slower than when using PIX).


We will log a case about the 8.2 to 8.3 upgrade issue.


Best wishes,

Dandy

David White Thu, 06/24/2010 - 19:07
User Badges:
  • Cisco Employee,

Hi Dandy,


That is very odd about the time it takes to change between panels in ASDM.  As there is no communication between your client PC and the ASA/PIX when you change panels.  So, the latency should be solely on the client PC.


A couple of followup questions:

(Note: These assume you are using the ASDM launcher - where ASDM is installed on your local PC)

ASDM versions are backwards compatible with the PIX/ASA images.  Therefore, can you try using the ASDM 6.2 version with the PIX and see if you have the same delay?  (Since your original post mentioned you were using ASDM 6.1 with the PIX).

Also, what version of Java, and what OS?


10 seconds is way too long, so something must be going wrong here.  We just need to get to the bottom of it.


Sincerely,


David.

David White Mon, 06/28/2010 - 09:28
User Badges:
  • Cisco Employee,

I've posted the utility in the other thread.


Sincerely,


David.

Diego Armando C... Mon, 06/28/2010 - 06:11
User Badges:
  • Bronze, 100 points or more

You Rock. When I worked for the TAC I used to visit ur website.

bberry Mon, 06/28/2010 - 06:21
User Badges:

I have a new ASA 5520 that I just put into production. I am running ASA Version 8.2(1) with ASDM Version 6.2(1). I too moved my PIX 515e config to the ASA throught the CLI. Are you running through a proxy for your browser? I had a problem getting ASDM to load and slow page updates if I was not bypassing our proxy. Since I have modified my browser to bypass the proxy, the response from ASDM is quite quick. I am using I.E. 7 and I am pretty sure the latest Java.


Brent

Actions

This Discussion