01-10-2012 06:16 PM - edited 03-11-2019 03:12 PM
Hi Guys,
I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.
Any help will be greatly appreciated.
Thanks,
Lake
Solved! Go to Solution.
01-10-2012 06:21 PM
Hello,
I think this is what you are looking for:
http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html
Let me know if you need something else.
Rate this post if it helps you.
Julio
01-10-2012 07:19 PM
Note that if you use the tool Julio pointed to, you would have to be running ASA software 7.x t be compatible with the tool command syntax-wise.
That would be a downgrade from anything currently shipping (the last 7.2 release was in early 2010). If you went that route, you'd be best served by then subsequently upgrading to 8.x (anything pre 8.3 - such as 8.2(5)) and then finally to the current ASA release - 8.4(2). I believe the TAC would even suggest a stop along the way at 8.0 just to be on the safe side.
Unless you have a whole lot of complicated configuration, you'd probably be better served by just parsing out the old Pix config and building it anew in ASA 8.4(2) from the get-go. Use ASDM if you're not comfortable with the CLI. A Pix is unlikely to have much more than some access-lists, NATs / NAT exemptions and VPN tunnels. All of that can be easily built fresh in a new ASA.
It's a good opportunity to validate and completely understand your configuration.
01-10-2012 06:21 PM
Hello,
I think this is what you are looking for:
http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html
Let me know if you need something else.
Rate this post if it helps you.
Julio
01-10-2012 07:24 PM
Thank you
01-10-2012 07:19 PM
Note that if you use the tool Julio pointed to, you would have to be running ASA software 7.x t be compatible with the tool command syntax-wise.
That would be a downgrade from anything currently shipping (the last 7.2 release was in early 2010). If you went that route, you'd be best served by then subsequently upgrading to 8.x (anything pre 8.3 - such as 8.2(5)) and then finally to the current ASA release - 8.4(2). I believe the TAC would even suggest a stop along the way at 8.0 just to be on the safe side.
Unless you have a whole lot of complicated configuration, you'd probably be better served by just parsing out the old Pix config and building it anew in ASA 8.4(2) from the get-go. Use ASDM if you're not comfortable with the CLI. A Pix is unlikely to have much more than some access-lists, NATs / NAT exemptions and VPN tunnels. All of that can be easily built fresh in a new ASA.
It's a good opportunity to validate and completely understand your configuration.
01-10-2012 07:25 PM
Thank you. I truly appreciate all your help.
Regards,
Lake
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: