Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX525 migrate to ASA5545-X

Hi ,

 

Please some advice and help.

I have a ha pair of PIX525 with 7.0(4) and prepare for migrating to ASA5545-X with version 9.x

It seems that a PIX to ASA setup tool is available in download center but i am wondering if it can properly work for 7.0(4) to 9.x?

Can someone give the right answer about this?

if the migration tool can’t suitable for 7.0(4) to 9.x, it there any suggesting version to migrating configuration automatically to 9.x smooth

Manually configuring is the last way i have considered because more than 400 NAT rules transferring to object NAT format is really annoying :(

  • Firewalling
1 ACCEPTED SOLUTION

Accepted Solutions

Hello, This is a critical

Hello,

 

This is a critical migration as lot of stuff has been changed.

 

I recommend do it manually as much as possible but otherwise you would have to copy the config to an ASA running 8.2 and do it automatically but of course a lot of things might get broken so you have to get a specialist for this.

 

I created a post about what to do in my blog.

 

http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/

 

Regards,

 

Jcarvaja

CCIE 42930, 2xCCNP, JNCIS-SEC

For inmediate support http://iNetworks.cr

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
2 REPLIES

Hello, This is a critical

Hello,

 

This is a critical migration as lot of stuff has been changed.

 

I recommend do it manually as much as possible but otherwise you would have to copy the config to an ASA running 8.2 and do it automatically but of course a lot of things might get broken so you have to get a specialist for this.

 

I created a post about what to do in my blog.

 

http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/

 

Regards,

 

Jcarvaja

CCIE 42930, 2xCCNP, JNCIS-SEC

For inmediate support http://iNetworks.cr

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
Hall of Fame Super Silver

I agree with Julio - it is

I agree with Julio - it is more work but worth it to dig into your NAT rules and look to streamline them and recreate manually on the new syntax, availing yourself of the broader set of capabilities.

If you use the migration tool (to pre-8.3 syntax only) and then follow the parser automigration to post-8.3, the configuration will be even more convoluted and harder for a human to read.

You're taking the firewall equivalent of a Windows 95 (or maybe XP) system and upgrading it to Windows 8.1 era. If it was a PC would you upgrade though XP and Windows 7 or do a fresh build?

37
Views
5
Helpful
2
Replies