We are helping a client move from PIX 525 to ASA 5585-X, SSP10. This is a production environment and very critical migration. Has someone done this and could provide a step-by-step procedure. What are the gotchas which we should be aware off?
What version of ASA are you using??? You would first need to convert the configuration fro PIX to ASA 8.2 and from ther you can take it to higher codes like 8.3 or later. There's a PIX to ASA migration tool available on cisco.com, you can download it from there.
Your plan of action should be to, first install version 8.2.x on your ASA, convert the config from PIX to ASA using the tool, apply the config on the ASA, and then upgrade the ASA to version 220.127.116.11, ASA would convert the config from 8.2.x to 18.104.22.168 itself, since there are some NAT and ACL changes from 8.3 & later.
Yes you would need a person wit sound knowlede of ASA, who can test things at every step.
I have done tones of this type of migration, the only problem you'll faced is this, since you're maintaining the same configuration but changing the chassis, you'll MAY encouter arp issues. I face this all the time.
This is because, when you change chassis, and the interface IP remains the same, the LAN switch is going to see 2 different MAC addresses for the same IP Address. Please be sure to clear the ARP TABLE on all directly connected LAN switches.
Don't be fooled, as I've failed this exercise few times in the past due to ARP. After I swapped the chassis, I didn't clear the ARP TABLE, thinking it was not necessary, but I learnt this the hard way :-)
Good luck bro!
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...