Copy Config to Another ASA

Answered Question
Sep 7th, 2010

We have setup a Remote Access VPN, using Cisco VPN client in our test environment.  Everything is working properly.  We were able to login to Cisco VPN client and access the internal resources.  However, we want to copy the same config to another ASA.  We want to use the same group policies, same tunnel groups, etc.  We only need to change the IP address of the Outside interface and the default gateway of the Outside interface. Another word, we want to keep everything the same.  If we copy the same config to another ASA (production), do we need to change anything else?   Thanks.

I have this problem too.
0 votes
Correct Answer by b.julin about 6 years 2 months ago

Don't forget to change the management address, otherwise ugliness ensues as the two boxes compete for it.

Correct Answer by Gavin Barber about 6 years 2 months ago

i use an app called ConText (Freeware) for editing ASA/PIX configs, its awesome when you load in the free highlighter package for Cisco devices, its a must if you are manually editing configs in my opinion.

http://www.contexteditor.org/

If i remember from memory it is probably worth also removing all the certificate information that gets generated by the device when you enable encryption.

Correct Answer by Jitendriya Athavale about 6 years 2 months ago

well yeah the nat rules, here is a small tip

get all the config and open it in a notepad, do a find for the public ip or public ip network and this will tell you what to replace

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Jitendriya Athavale Tue, 09/07/2010 - 08:59

well yeah the nat rules, here is a small tip

get all the config and open it in a notepad, do a find for the public ip or public ip network and this will tell you what to replace

Correct Answer
Gavin Barber Tue, 09/07/2010 - 09:04

i use an app called ConText (Freeware) for editing ASA/PIX configs, its awesome when you load in the free highlighter package for Cisco devices, its a must if you are manually editing configs in my opinion.

http://www.contexteditor.org/

If i remember from memory it is probably worth also removing all the certificate information that gets generated by the device when you enable encryption.

Correct Answer
b.julin Tue, 09/07/2010 - 13:21

Don't forget to change the management address, otherwise ugliness ensues as the two boxes compete for it.

Actions

This Discussion