07-30-2014 11:56 AM - edited 03-11-2019 09:33 PM
Hi ,
Please some advice and help.
I have a ha pair of PIX525 with 7.0(4) and prepare for migrating to ASA5545-X with version 9.x
It seems that a PIX to ASA setup tool is available in download center but i am wondering if it can properly work for 7.0(4) to 9.x?
Can someone give the right answer about this?
if the migration tool can’t suitable for 7.0(4) to 9.x, it there any suggesting version to migrating configuration automatically to 9.x smooth
Manually configuring is the last way i have considered because more than 400 NAT rules transferring to object NAT format is really annoying :(
Solved! Go to Solution.
07-30-2014 04:37 PM
Hello,
This is a critical migration as lot of stuff has been changed.
I recommend do it manually as much as possible but otherwise you would have to copy the config to an ASA running 8.2 and do it automatically but of course a lot of things might get broken so you have to get a specialist for this.
I created a post about what to do in my blog.
http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/
Regards,
Jcarvaja
CCIE 42930, 2xCCNP, JNCIS-SEC
For inmediate support http://iNetworks.cr
07-30-2014 04:37 PM
Hello,
This is a critical migration as lot of stuff has been changed.
I recommend do it manually as much as possible but otherwise you would have to copy the config to an ASA running 8.2 and do it automatically but of course a lot of things might get broken so you have to get a specialist for this.
I created a post about what to do in my blog.
http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/
Regards,
Jcarvaja
CCIE 42930, 2xCCNP, JNCIS-SEC
For inmediate support http://iNetworks.cr
07-30-2014 06:37 PM
I agree with Julio - it is more work but worth it to dig into your NAT rules and look to streamline them and recreate manually on the new syntax, availing yourself of the broader set of capabilities.
If you use the migration tool (to pre-8.3 syntax only) and then follow the parser automigration to post-8.3, the configuration will be even more convoluted and harder for a human to read.
You're taking the firewall equivalent of a Windows 95 (or maybe XP) system and upgrading it to Windows 8.1 era. If it was a PC would you upgrade though XP and Windows 7 or do a fresh build?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: