Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Migration // 5510 to 5525-X


I've read up a fair articles detailing how to migrate/upgrade from ASA 5510 to a 5525-X and attempted this today without much luck.

I have basically copied the existing config on the 5510, edited the Interface names to reflect that the 5525 has all GigabitEthernet ports, and applied to the new unit. Once the connections have swapped, everything works perfectly except for the Site-to-Site VPN's that we have configured. 

I can only presume that its due to the Pre-Shared keys not coming over, or being applied somehow? Funnily enough, when setting up HA Active/Standby pre-deployment it would never copy the IKEv1/PSKs over to the secondary unit so I suspect thats the root cause. Any idea how I can get around this, or other techniques to try and get the new units online?


Many thanks,

Cisco Employee

Hi,You can try this command:


You can try this command:-

more system:running-config and this will PSK's in clear text and manually copy it to the new ASA.

Thanks and Regards,

Vibhor Amrodia

New Member

Hi Vibhor,Thats the command I

Hi Vibhor,

Thats the command I used initially to export the config out of the 5510 (otherwise it would just outputted a load of ****). PSK's were in clear-text, albeit encrypted hence why i'm wondering if its the encryption key that hasnt been applied correctly?


Hi,Please post your 'show


Please post your 'show version' output. Make sure you've got the right licenses.

Hall of Fame Super Silver

Do a side-by-side comparison

Do a side-by-side comparison using something like examdiff (free tool from Prestosoft). Make sure you accounted for all the commands migrated and places where the interface name was referenced.

CreatePlease login to create content