cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1208
Views
0
Helpful
9
Replies

queries regarding new ASA

Danilo Dy
VIP Alumni
VIP Alumni

Hi,

I have PIX 515e, 128MB/16MB, 8.0(4)/6.1(5)51. I just bought ASA 5510 Security Plus (post 8.3)

Problem 1 - ASA 5510 Security Plus, 1GB/256MB, 8.2(1)/6.2(1)

No problem loading config from PIX 515e

- However, I noticed that working in ASDM is slow compare to PIX 515e. Any explanation about this?

Problem 2 - ASA 5510 Security Plus, 1GB/256MB, 8.3(1)/6.3(1)

Upgrading 8.2(1)/6.2(1) to 8.3(1)/6.3(1) have the following problems

- A lot of errors during loading in the CLI

- Some configuration is missing in ASDM

Is there a tool to convert the config from 8.2(1)/6.2(1) to 8.3(1)/6.3(1)? The conversion when I first reboot the firewall after loading 8.3(1)/6.3(1) doesn't seem to work as some configuration is missing in ASDM and everytime the device rebooted, a lot of errors generated in the CLI.

TIA

9 Replies 9

David White
Cisco Employee
Cisco Employee

When you say "Working in ASDM is slow", I assume you mean changing between panels?  Or adding new config?  But not the actual deployment of the config to the device, correct?  If so, the performance of ASDM is largely dependant on the type of device it is being run on.  However, I haven't heard of any complaints about it being slow.

Can you provide a couple of concrete examples?

As for the 8.2 to 8.3 upgrade - an automatic conversion happens.  The CLI will be migrated upon first boot of 8.3.  However, if you attempt to go back to 8.2 without issuing the 'downgrade' command, then you will end up with a non-functional config.

As for the messages at boot, are they Warnings or Errors?  It may be best for you to open a TAC case to work through all the issues.  Else, start pasting them here one-by-one so we can attempt to answer them.

Sincerely,

David.

Hi David,

Thank you for your reply.

Regarding "ASDM Slow" its changing between panels. Less than 5 secs in PIX while more than 10 secs in new ASA. I'm using the same client PC and the network settings is hardcoded to 100Mbps/Full-duplex.

Regarding 8.2 to 8.3 upgrade, I noticed that it made a CLI migration which causes those warnings - I have not captured the errors so I can't be sure what are those. I also noticed that the rules are not shown in ASDM. A colleague experienced the same in another setup using ASA5540 a month ago (I found out after asking around).

I revert everything to 8.2 and reload the config from PIX, works fine (except that ASDM is a bit slower than when using PIX).

We will log a case about the 8.2 to 8.3 upgrade issue.

Best wishes,

Dandy

Hi Dandy,

That is very odd about the time it takes to change between panels in ASDM.  As there is no communication between your client PC and the ASA/PIX when you change panels.  So, the latency should be solely on the client PC.

A couple of followup questions:

(Note: These assume you are using the ASDM launcher - where ASDM is installed on your local PC)

ASDM versions are backwards compatible with the PIX/ASA images.  Therefore, can you try using the ASDM 6.2 version with the PIX and see if you have the same delay?  (Since your original post mentioned you were using ASDM 6.1 with the PIX).

Also, what version of Java, and what OS?

10 seconds is way too long, so something must be going wrong here.  We just need to get to the bottom of it.

Sincerely,

David.

David are u the David white from the NAC book?

Yes sir, that's me.

I am having the same problem as in this thread:

https://supportforums.cisco.com/message/3127263

I cannot reset password for my PIX 525 but I cannot find your contact. Could you please help?

Thank you!

I've posted the utility in the other thread.

Sincerely,

David.

You Rock. When I worked for the TAC I used to visit ur website.

bberry
Level 1
Level 1

I have a new ASA 5520 that I just put into production. I am running ASA Version 8.2(1) with ASDM Version 6.2(1). I too moved my PIX 515e config to the ASA throught the CLI. Are you running through a proxy for your browser? I had a problem getting ASDM to load and slow page updates if I was not bypassing our proxy. Since I have modified my browser to bypass the proxy, the response from ASDM is quite quick. I am using I.E. 7 and I am pretty sure the latest Java.

Brent

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: