First you have to see the version of your pix to decide if you can copy and past configuration or not , then you have to tell us what the cable type that you install for your failover , last my advice is to configure your both ASA form zero ,there is no othere special steps to do.
Assuming your config is not too large, I find it best to copy/paste one or two sections at a time of the old config into the new device. Some things you can do with bulk copies, like access-lists and static nat entries. Other things you will want to copy/paste more slowly, like vpn configs or other things, just to make sure there are no or few errors.
I've not migrated from PIX to ASA, but I have done many migrations from PIX 6.3(x) to PIX7.x, and that's what i've had the most success with.
(oh, and incase you've been living in a cave, ASA's don't support conduits).
It would solve most of your questions. If your running 6.X code, upgrade it to 7.X first and then you could copy the configuration to the ASA. But just in case you wouldn't be able to upgrade, I guess its going to be the hard way.
I have done about 20 or so of these upgrades, and the biggest changes from version 6.x to 7.x revolve around 1) interface configuration, 2) VPNs & 3) modular policy framework (ICMP, fixup, etc.) 4) failover
Of those changes, the only element of config that may not properly be migrated after an upgrade would be your VPN configuration - the move to tunnel groups and group policy is a big change and sometimes the ACLs used to identify interesting traffic for crypto maps does not populate properly.
If you are starting from scratch rather than upgrading, all of your object-groups, ACLs, names, NAT configuration and fixup data (though it will be transformed as you enter it ) can be copied and pasted directly. The interface configuration is more like that of traditional IOS and should be very easy to accomplish.
Remember that if you are going to use the management interface to turn off the "management-only" option - that's a nasty gotcha that can be very frustrating when you are sitting there during a maintenance window wondering why that interface won't pass traffic.
Failover is LAN-only - you no longer use a state cable for failover. Rather, you should have a dedicated LAN interface for failover. As such, if you need a DMZ, buy the security plus license for the 5510 so that you will have more than just the inside and outside interfaces available to pass traffic.
Conduits are bad - be sure to convert them to ACLs before moving to the new platform.
Consider using the latest interim release if you run 7.2 instead of the GD release - lots of bugs have been addressed in the interim releases, some of which were pretty nasty.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :