Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA copy tftp run question

Hello,

I have 2 ASA 5520's.  I had to split them up to migrate over to a new ISP while keeping the old ISP in service temporarily.  I want to join them back together now with the new ISP because we are going to be ending our contract with the old ISP.  However, I also want to upgrade the IOS from 8.2 to the newest IOS.  I know I should copy the new ISP configuration over first.  My question is; Can I copy a configuration using: "copy tftp run" (w/out quotes), on a ASA 5520 just the same as doing it on a switch?  Then make it the boot configuration?  Or is there a different way to copy a configuration over than how it's done on a switch?

 

Thank you in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

It's pretty similar. If you

It's pretty similar. If you copy to running-config, you'll have to save (write memory) to commit that as the startup-config. You can also copy directly to startup-config.

The detailed syntax is laid out here: link.

You didn't say, but if your ASAs are to be setup as an HA pair, the primary unit will automatically replicate the configuration to the mate when it detects the mate returning to the link.

Note if you were moving physical units and have any certificates, VPN Profiles, AnyConnect images, Clientless SSL VPN portal customization etc. that those are separate from the configuration file and need to be handled separately when migrating an ASA.

One final note - "ASA software" is just that - it's not IOS.

5 REPLIES
Hall of Fame Super Silver

It's pretty similar. If you

It's pretty similar. If you copy to running-config, you'll have to save (write memory) to commit that as the startup-config. You can also copy directly to startup-config.

The detailed syntax is laid out here: link.

You didn't say, but if your ASAs are to be setup as an HA pair, the primary unit will automatically replicate the configuration to the mate when it detects the mate returning to the link.

Note if you were moving physical units and have any certificates, VPN Profiles, AnyConnect images, Clientless SSL VPN portal customization etc. that those are separate from the configuration file and need to be handled separately when migrating an ASA.

One final note - "ASA software" is just that - it's not IOS.

Community Member

Thank you for the quick

Thank you for the quick response Marvin.

I do understand that I have to export all of the additonal files from the production ASA so I can import them to the old one once I copy the running-config over.

However, do you have a link that will give me the commands to take out the old configuration?  Because I have read that simply copying a configuration to the old one will merge them together.

Hall of Fame Super Silver

You're welcome.If you want to

You're welcome.

If you want to blow away the old configuration, you could always "configure factory-default". What that leaves you with is described elsewhere in the configuration guide (here).

Please mark your post when answered and rate helpful replies. Thanks!

Community Member

One more question on this

One more question on this subject.

do I export each of the files listed under the "sh import webvpn plug-in?"

Hall of Fame Super Silver

If you're using the plug-ins

If you're using the plug-ins for Clientless SSL VPN (with AnyConnect Premium) then, yes, they are required.

If you aren't then they don't make any difference.

91
Views
5
Helpful
5
Replies
CreatePlease to create content