Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco PIX 515 E to ASA upgrade?

Hi, I need to upgrade/ replace a Cisco 515 E firewall with a Cisco ASA. Not sure what model yet! The pix has about 80 lines of ACLs and I side and outside interfaces with No VPNs.. I was wondering of those lines of ACLs can be transferred over to ASA as is or there are things I need to watch for ?

No VPN

Only inside and outside interfaces

80 lines of ACLs

Please advise.

Regards,

Masood

Sent from Cisco Technical Support iPhone App

3 ACCEPTED SOLUTIONS

Accepted Solutions
Red

Cisco PIX 515 E to ASA upgrade?

Yes there is a PIX to ASA migration utility, you can find it either on cisco.com or you can find it on this community as well, if you search.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC

Cisco PIX 515 E to ASA upgrade?

Hello,

My recomendation is the same that Varun suggested before,

1- Downgrade the ASA version to 8.2

2- Migrate to Pix 8.0(4) to ASA 8.2

3-Upgrade the ASA form 8.2 to 8.4

With this all the major changes from 8.2 to 8.4 will be done automatically by the ASA.

If any help is need it in the process just let us know, we will be more than glad to help.

Regards,

Do rate all the helfpul posts

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com

Re: Cisco PIX 515 E to ASA upgrade?

Hello Masood,

Sure, it is my pleasure to help!!

If there is something else I can do for you just let me know.I will be more than glad to help.

Have a good one!!!

Do Rate all the helpful posts

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
21 REPLIES

Cisco PIX 515 E to ASA upgrade?

Hello,

What version do you have on the ASA?

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Cisco PIX 515 E to ASA upgrade?

Hi,

I am not yet sure what version of ASA but will know soon.

I did some work like this years ago when ASa had just hit the market and if I remember correctly I was able to use the ACLs except for any conduits that were used in teh pIX 515E. I assume it is still the case anbd ACL can be transfeerref over but not conduits. haveing said that, sinc eits been loing since my last ASA install, I wasn;t totally sure!

is there a Cisco utility that can covert conduits to ACLs?

thank you in advance.

Regards,

Masood

Red

Cisco PIX 515 E to ASA upgrade?

Yes there is a PIX to ASA migration utility, you can find it either on cisco.com or you can find it on this community as well, if you search.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
Red

Cisco PIX 515 E to ASA upgrade?

Here's couple of them:

https://supportforums.cisco.com/message/3409273#3409273

https://supportforums.cisco.com/message/3633570#3633570

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Cisco PIX 515 E to ASA upgrade?

Thanks so much.

I am sure the utility cna ber very useful.

Regards,

Masood

New Member

Cisco PIX 515 E to ASA upgrade?

hi,

would the PIX to ASA utility works even if teh ASA has been upgraded to 8.4?

is there a link to that utility? I couldn;'t find it?

Thanks,

Masood

Cisco PIX 515 E to ASA upgrade?

Hello,

Sure let me know as soon as you have the image..

Its because the syntax from the ACL changes from version 8.2 to 8.3.. So if you are going to a 8.2 or lower version you can copy and paste it with no problem.

Regards,

Do rate all the helpful posts

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Cisco PIX 515 E to ASA upgrade?

thanks.

what happens if the ASA versiuon is 8.3?

Regards,

Masood

Cisco PIX 515 E to ASA upgrade?

Hello,

On the ACL you will need to point to the Private ip address ( Real Ip)  instead of the public ip address (Natted)..

https://supportforums.cisco.com/docs/DOC-12690

That link will help you....

Regards,

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Cisco PIX 515 E to ASA upgrade?

Hi,

the current PIX 525 image is 8.0(4). I was worng stating 515 E

the ASA, a piar of ASA 5520 - no image has been mentioned.

they also need redundancy but I am not sure if Staefull where a switch willbe used between teh two ASA's or just Ether using teh RJ 456 gigi interfaces on each ASA 9two on each one I am assuming!)

So, did you mean image on teh PIX or ASA when you noted if 8.2 or lower configs on teh pIX can directly be used on the ASA?

Also, is there writ ups on teh redundancy configuration for ASAs that you know of?

Please advise,

Regards,

Red

Cisco PIX 515 E to ASA upgrade?

Hi,

You can take the PIX 8.0.4 to ASA 8.0.4 and then if you want you can take it higher in the ASA image chain to 8.2.x.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
Red

Cisco PIX 515 E to ASA upgrade?

Failover Doc:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Cisco PIX 515 E to ASA upgrade?

So, I can transfer over the current PIX 525 8.0 (4) over to the ASA!?

and thanks fo rthe documnet on the failover. I knew it existed because I remember using it a few years ago, without a switch but only using the gig interfaces on teh ASA's.

Regards,.

Maosod

Red

Cisco PIX 515 E to ASA upgrade?

Yes you can do that, you shoudl not face any issues with it.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Cisco PIX 515 E to ASA upgrade?

Hi Varun,

I have more information now.

here is what the ASa is:

The IOS on the ASA was updatewd by the client to Version 843 and ASDM to version 647

both ASA have active/Avtive Failover Licenses

I assume with ASA now version 843, I need o tewaks teh PIX configs a little like listed in Cisco documnetation with that line that says: jobect..

Thanks,

masood

Cisco PIX 515 E to ASA upgrade?

Hello,

My recomendation is the same that Varun suggested before,

1- Downgrade the ASA version to 8.2

2- Migrate to Pix 8.0(4) to ASA 8.2

3-Upgrade the ASA form 8.2 to 8.4

With this all the major changes from 8.2 to 8.4 will be done automatically by the ASA.

If any help is need it in the process just let us know, we will be more than glad to help.

Regards,

Do rate all the helfpul posts

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Cisco PIX 515 E to ASA upgrade?

Hi Julio,

this install is approaching as it was put on hold for some times but active now.

I see you mentioned:

My recomendation is the same that Varun suggested before,

1- Downgrade the ASA version to 8.2

2- Migrate to Pix 8.0(4) to ASA 8.2

3-Upgrade the ASA form 8.2 to 8.4

With this all the major changes from 8.2 to 8.4 will be done automatically by the ASA.

Now, I was wondering if I need to make any changes to the pIXs i.e. downgrade or upgrade the pIXs that has the cofiguration or just downgrade the ASAs to 8.2, transfer configs from PIX over to ASA 8.2 and then up[grade ASA to 8.4?

Also, I had done Active/standby failover configuration in the past using the command line (private IPs using gigi interfaces in teh ASAs - i.e. no siwtch in between) but I cannot find the conmfogs I created a few years ago and i wa swondering if you guys do have a working Active/Standby configuration? I remember that I dcouldn;'t get to work using ASDM (the GUI) and had to do that using command line.

Please advise,

Regards,

Masood

Do rate all the helfpul posts

New Member

Cisco PIX 515 E to ASA upgrade?

Thanks Julio,

the client had upgraded the ASA to 834 and now I need to make sure that I can downgrad to 8.2 before I start my work.

question: how can I downgrade to 8.2? ----> just reset to Factory Default?

I will see what cleint says to that but I don't think they protest!?

Thanks so much for your advise.

Regards,

Masood

Cisco PIX 515 E to ASA upgrade?

Hello,

If you have no configuration yet on the ASA, just donwload from CISCO.com the ASA8.2 image and then upload it to the ASA using a TFTP server or ASDM.

Then change the boot system process with the

boot system flash:asa8.2.bin

Save the configuration

wr

and finally reload the ASA.

Regards,

Please rate all the post that helps

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Re: Cisco PIX 515 E to ASA upgrade?

Thanks much. This will certainly help and I need to get the image downloaded and perform a down grade before going any further.

Regards,

Masood

Sent from Cisco Technical Support iPhone App

Re: Cisco PIX 515 E to ASA upgrade?

Hello Masood,

Sure, it is my pleasure to help!!

If there is something else I can do for you just let me know.I will be more than glad to help.

Have a good one!!!

Do Rate all the helpful posts

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
870
Views
0
Helpful
21
Replies