Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Port configuration from ASA5510 8.2(5) to ASA5515-X 8.6(1)

I'm looking for the best solution to this problem:

Moving from one data center to another

Network is live/in-use at both DCs now

Old DC has ASA5510 v8.2(5)

New DC has ASA5515-X v8.6(1)

How can I best port the config from old to new?  Manually going thru line by line would take a while - the config is > 75k.  Needless to say the main concern is how NAT is handled.

One of the limiting issues is that I am remote (1000 miles) so I feel I have to have a solution that works first time since my customer is 3+ hours away from DC.

Does Cisco offer a conversion tool for this?

 

Suggestions?

Thanks - Phil

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

They recently started

They recently started offering a tool for the conversion:

https://fwm.cisco.com/auth.do

Sign up for a free account. They do the conversion offline for you and send you a link to the converted configuration.

That said, if I had a config with 75k lines, I'd also invest in an entry license of SolarWinds FSM and run it though that looking for hidden or shadowed rules. 

2 REPLIES
Hall of Fame Super Silver

They recently started

They recently started offering a tool for the conversion:

https://fwm.cisco.com/auth.do

Sign up for a free account. They do the conversion offline for you and send you a link to the converted configuration.

That said, if I had a config with 75k lines, I'd also invest in an entry license of SolarWinds FSM and run it though that looking for hidden or shadowed rules. 

Community Member

Marvin,I got the FWM acct

Marvin,

I got the FWM acct setup and submitted my 8.2(5) config.  What I got back is not useful.

The accompanying conversion log file indicated all interfaces in the 8.2(5) config and their IPs, nameif and security-levels were ignored.  The resulting conversion config therefor had no NAT entries or anything to do with inside, outside or dmz  Is the tool supposed to do better than that?

I have a Security Plus ASA5505 in my lab so I took the original ASA5510 config and edited it so it would run on the 5505 - changed interfaces mostly.  I then did the 8.2(5) to 8.4 conversion and got a whole lot more useful result.  Did I miss something when using the Cisco FWM tool maybe?

Thx,

Phil

68
Views
0
Helpful
2
Replies
CreatePlease to create content