Copy Config to Another ASA

Answered Question
Sep 7th, 2010
User Badges:

We have setup a Remote Access VPN, using Cisco VPN client in our test environment.  Everything is working properly.  We were able to login to Cisco VPN client and access the internal resources.  However, we want to copy the same config to another ASA.  We want to use the same group policies, same tunnel groups, etc.  We only need to change the IP address of the Outside interface and the default gateway of the Outside interface. Another word, we want to keep everything the same.  If we copy the same config to another ASA (production), do we need to change anything else?   Thanks.

Correct Answer by b.julin about 6 years 8 months ago

Don't forget to change the management address, otherwise ugliness ensues as the two boxes compete for it.

Correct Answer by Gavin Barber about 6 years 8 months ago

i use an app called ConText (Freeware) for editing ASA/PIX configs, its awesome when you load in the free highlighter package for Cisco devices, its a must if you are manually editing configs in my opinion.


http://www.contexteditor.org/


If i remember from memory it is probably worth also removing all the certificate information that gets generated by the device when you enable encryption.

Correct Answer by Jitendriya Athavale about 6 years 8 months ago

well yeah the nat rules, here is a small tip


get all the config and open it in a notepad, do a find for the public ip or public ip network and this will tell you what to replace

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Jitendriya Athavale Tue, 09/07/2010 - 08:59
User Badges:
  • Cisco Employee,

well yeah the nat rules, here is a small tip


get all the config and open it in a notepad, do a find for the public ip or public ip network and this will tell you what to replace

Correct Answer
Gavin Barber Tue, 09/07/2010 - 09:04
User Badges:

i use an app called ConText (Freeware) for editing ASA/PIX configs, its awesome when you load in the free highlighter package for Cisco devices, its a must if you are manually editing configs in my opinion.


http://www.contexteditor.org/


If i remember from memory it is probably worth also removing all the certificate information that gets generated by the device when you enable encryption.

Correct Answer
b.julin Tue, 09/07/2010 - 13:21
User Badges:
  • Bronze, 100 points or more

Don't forget to change the management address, otherwise ugliness ensues as the two boxes compete for it.

Actions

This Discussion