Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Pix Config conversion

Hi Guys,

I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.

Any help will be greatly appreciated.

Thanks,

Lake

2 ACCEPTED SOLUTIONS

Accepted Solutions

Pix Config conversion

Hello,

I think this is what you are looking for:

http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html

Let me know if you need something else.

Rate this post if it helps you.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Hall of Fame Super Silver

Pix Config conversion

Note that if you use the tool Julio pointed to, you would have to be running ASA software 7.x t be compatible with the tool command syntax-wise.

That would be a downgrade from anything currently shipping (the last 7.2 release was in early 2010). If you went that route, you'd be best served by then subsequently upgrading to 8.x (anything pre 8.3 - such as 8.2(5)) and then finally to the current ASA release - 8.4(2). I  believe the TAC would even suggest a stop along the way at 8.0 just to be on the safe side.

Unless you have a whole lot of complicated configuration, you'd probably be better served by just parsing out the old Pix config and building it anew in ASA 8.4(2) from the get-go. Use ASDM if you're not comfortable with the CLI. A Pix is unlikely to have much more than some access-lists, NATs / NAT exemptions and VPN tunnels. All of that can be easily built fresh in a new ASA.

It's a good opportunity to validate and completely understand your configuration.

4 REPLIES

Pix Config conversion

Hello,

I think this is what you are looking for:

http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html

Let me know if you need something else.

Rate this post if it helps you.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Pix Config conversion

Thank you

Hall of Fame Super Silver

Pix Config conversion

Note that if you use the tool Julio pointed to, you would have to be running ASA software 7.x t be compatible with the tool command syntax-wise.

That would be a downgrade from anything currently shipping (the last 7.2 release was in early 2010). If you went that route, you'd be best served by then subsequently upgrading to 8.x (anything pre 8.3 - such as 8.2(5)) and then finally to the current ASA release - 8.4(2). I  believe the TAC would even suggest a stop along the way at 8.0 just to be on the safe side.

Unless you have a whole lot of complicated configuration, you'd probably be better served by just parsing out the old Pix config and building it anew in ASA 8.4(2) from the get-go. Use ASDM if you're not comfortable with the CLI. A Pix is unlikely to have much more than some access-lists, NATs / NAT exemptions and VPN tunnels. All of that can be easily built fresh in a new ASA.

It's a good opportunity to validate and completely understand your configuration.

Pix Config conversion

Thank you. I truly appreciate all your help.

Regards,

Lake

294
Views
0
Helpful
4
Replies
CreatePlease to create content