I am upgrading a Cisco ASA 5520 to a 5525-X. At the moment this is a single firewall, which will then be upgraded to a high availability pair.
The biggest concern we have is the MAC address. I have to keep the existing MAC address if possible for various reasons. I know there is an option to hardcode (spoof) the MAC address on the new firewall to match the old one, but I have a few questions around that:
- does it create any extra load on the firewall (not sure if the MAC address is translated on the fly or if it replaces the old one permanently),
- does it affect in any way the IPS, which is going to be moved to the new firewall,
- is it fine to keep the hardcoded MAC permanently?
Any additional recommendations are welcome. Basically I need some advice from someone who has tried this in a very busy production environment.