Solved: ASA copy tftp run question

Robin Swan · ‎04-08-2014

Hello,

I have 2 ASA 5520's. I had to split them up to migrate over to a new ISP while keeping the old ISP in service temporarily. I want to join them back together now with the new ISP because we are going to be ending our contract with the old ISP. However, I also want to upgrade the IOS from 8.2 to the newest IOS. I know I should copy the new ISP configuration over first. My question is; Can I copy a configuration using: "copy tftp run" (w/out quotes), on a ASA 5520 just the same as doing it on a switch? Then make it the boot configuration? Or is there a different way to copy a configuration over than how it's done on a switch?

Thank you in advance.

Marvin Rhoads · ‎04-08-2014

It's pretty similar. If you copy to running-config, you'll have to save (write memory) to commit that as the startup-config. You can also copy directly to startup-config.

The detailed syntax is laid out here: link.

You didn't say, but if your ASAs are to be setup as an HA pair, the primary unit will automatically replicate the configuration to the mate when it detects the mate returning to the link.

Note if you were moving physical units and have any certificates, VPN Profiles, AnyConnect images, Clientless SSL VPN portal customization etc. that those are separate from the configuration file and need to be handled separately when migrating an ASA.

One final note - "ASA software" is just that - it's not IOS.

View solution in original post

Marvin Rhoads · ‎04-08-2014

It's pretty similar. If you copy to running-config, you'll have to save (write memory) to commit that as the startup-config. You can also copy directly to startup-config.

The detailed syntax is laid out here: link.

You didn't say, but if your ASAs are to be setup as an HA pair, the primary unit will automatically replicate the configuration to the mate when it detects the mate returning to the link.

Note if you were moving physical units and have any certificates, VPN Profiles, AnyConnect images, Clientless SSL VPN portal customization etc. that those are separate from the configuration file and need to be handled separately when migrating an ASA.

One final note - "ASA software" is just that - it's not IOS.

Robin Swan · ‎04-08-2014

Thank you for the quick response Marvin.

I do understand that I have to export all of the additonal files from the production ASA so I can import them to the old one once I copy the running-config over.

However, do you have a link that will give me the commands to take out the old configuration? Because I have read that simply copying a configuration to the old one will merge them together.

Marvin Rhoads · ‎04-08-2014

You're welcome.

If you want to blow away the old configuration, you could always "configure factory-default". What that leaves you with is described elsewhere in the configuration guide (here).

Please mark your post when answered and rate helpful replies. Thanks!

Robin Swan · ‎04-08-2014

One more question on this subject.

do I export each of the files listed under the "sh import webvpn plug-in?"

Marvin Rhoads · ‎04-08-2014

If you're using the plug-ins for Clientless SSL VPN (with AnyConnect Premium) then, yes, they are required.

If you aren't then they don't make any difference.