Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
5
Helpful
2
Replies

PIX525 migrate to ASA5545-X

Go to solution
warten.pan
Level 1
Level 1

‎07-30-2014 11:56 AM - edited ‎03-11-2019 09:33 PM

Hi ,

 

Please some advice and help.

I have a ha pair of PIX525 with 7.0(4) and prepare for migrating to ASA5545-X with version 9.x

It seems that a PIX to ASA setup tool is available in download center but i am wondering if it can properly work for 7.0(4) to 9.x?

Can someone give the right answer about this?

if the migration tool can’t suitable for 7.0(4) to 9.x, it there any suggesting version to migrating configuration automatically to 9.x smooth

Manually configuring is the last way i have considered because more than 400 NAT rules transferring to object NAT format is really annoying :(

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎07-30-2014 04:37 PM

Hello,

 

This is a critical migration as lot of stuff has been changed.

 

I recommend do it manually as much as possible but otherwise you would have to copy the config to an ASA running 8.2 and do it automatically but of course a lot of things might get broken so you have to get a specialist for this.

 

I created a post about what to do in my blog.

 

http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/

 

Regards,

 

Jcarvaja

CCIE 42930, 2xCCNP, JNCIS-SEC

For inmediate support http://iNetworks.cr

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

2 Replies 2

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎07-30-2014 04:37 PM

Hello,

 

This is a critical migration as lot of stuff has been changed.

 

I recommend do it manually as much as possible but otherwise you would have to copy the config to an ASA running 8.2 and do it automatically but of course a lot of things might get broken so you have to get a specialist for this.

 

I created a post about what to do in my blog.

 

http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/

 

Regards,

 

Jcarvaja

CCIE 42930, 2xCCNP, JNCIS-SEC

For inmediate support http://iNetworks.cr

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-30-2014 06:37 PM

I agree with Julio - it is more work but worth it to dig into your NAT rules and look to streamline them and recreate manually on the new syntax, availing yourself of the broader set of capabilities.

If you use the migration tool (to pre-8.3 syntax only) and then follow the parser automigration to post-8.3, the configuration will be even more convoluted and harder for a human to read.

You're taking the firewall equivalent of a Windows 95 (or maybe XP) system and upgrading it to Windows 8.1 era. If it was a PC would you upgrade though XP and Windows 7 or do a fresh build?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card