Upgrading ASA hardware

Unanswered Question
Apr 16th, 2014
User Badges:


I am upgrading Cisco ASA 5520 to 5525-x. At the moment this is a single firewall which then will be upgraded to high availability pair.

The biggest concern we have is the MAC address. I have to keep the existing MAC address if possible for various reasons. I know there is an option to hardcode (spoof) MAC address on the new firewall to match the old one, but have few questions around that:

- does it create any extra load on the firewall (not sure if the MAC address is translated on the fly or it replace the old one permanently),

- does it affect in any way IPS which is going to be moved to the new firewall,

- is it fine to to keep the hardcoded MAC permanently?

Any additional recommendation are welcome. Basically I need some advice from someone who tried this in a very busy production environment.


Many thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion