04-08-2014 08:23 AM - edited 03-11-2019 09:02 PM
Hello,
I have 2 ASA 5520's. I had to split them up to migrate over to a new ISP while keeping the old ISP in service temporarily. I want to join them back together now with the new ISP because we are going to be ending our contract with the old ISP. However, I also want to upgrade the IOS from 8.2 to the newest IOS. I know I should copy the new ISP configuration over first. My question is; Can I copy a configuration using: "copy tftp run" (w/out quotes), on a ASA 5520 just the same as doing it on a switch? Then make it the boot configuration? Or is there a different way to copy a configuration over than how it's done on a switch?
Thank you in advance.
Solved! Go to Solution.
04-08-2014 08:40 AM
It's pretty similar. If you copy to running-config, you'll have to save (write memory) to commit that as the startup-config. You can also copy directly to startup-config.
The detailed syntax is laid out here: link.
You didn't say, but if your ASAs are to be setup as an HA pair, the primary unit will automatically replicate the configuration to the mate when it detects the mate returning to the link.
Note if you were moving physical units and have any certificates, VPN Profiles, AnyConnect images, Clientless SSL VPN portal customization etc. that those are separate from the configuration file and need to be handled separately when migrating an ASA.
One final note - "ASA software" is just that - it's not IOS.
04-08-2014 08:40 AM
It's pretty similar. If you copy to running-config, you'll have to save (write memory) to commit that as the startup-config. You can also copy directly to startup-config.
The detailed syntax is laid out here: link.
You didn't say, but if your ASAs are to be setup as an HA pair, the primary unit will automatically replicate the configuration to the mate when it detects the mate returning to the link.
Note if you were moving physical units and have any certificates, VPN Profiles, AnyConnect images, Clientless SSL VPN portal customization etc. that those are separate from the configuration file and need to be handled separately when migrating an ASA.
One final note - "ASA software" is just that - it's not IOS.
04-08-2014 09:19 AM
Thank you for the quick response Marvin.
I do understand that I have to export all of the additonal files from the production ASA so I can import them to the old one once I copy the running-config over.
However, do you have a link that will give me the commands to take out the old configuration? Because I have read that simply copying a configuration to the old one will merge them together.
04-08-2014 09:54 AM
You're welcome.
If you want to blow away the old configuration, you could always "configure factory-default". What that leaves you with is described elsewhere in the configuration guide (here).
Please mark your post when answered and rate helpful replies. Thanks!
04-08-2014 02:53 PM
One more question on this subject.
do I export each of the files listed under the "sh import webvpn plug-in?"
04-08-2014 04:06 PM
If you're using the plug-ins for Clientless SSL VPN (with AnyConnect Premium) then, yes, they are required.
If you aren't then they don't make any difference.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide