cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
36296
Views
40
Helpful
15
Replies

Tool for migrate ASA from 8.2 to 8.4

Rizal Ferdiyan
Level 1
Level 1

Dear guys,

I have plan to migrate my firewall from 8.2 to 8.4. I have search in cisco docs, there a lot syntac configuration change in ASA 8.4. Is there any tool to migrate syntax from ASA 8.2 to ASA 8.4 ?

Thank u before.

Best Regards,

Rizal Ferdiyan

1 Accepted Solution

Accepted Solutions

HI Rizal,

Thats correct, you can upgrade in multiple context as well, and it will upgrade it automatically.

You ca upgrade your old ASA first to 8.4, test it in the lab, compare the configuration and when it is correct, copy the startup config to the new ASA and use it as your running config. But you can try whihc ever method suits you.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

15 Replies 15

varrao
Level 10
Level 10

Hi Rizal,

You can upgrade the version on a test environment first, and compare the nat statements and acl changes before putting it into the production environment. You can refer to these docs for it:

https://supportforums.cisco.com/docs/DOC-12690

Migration Guide:

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

You can use this doc as well.

If you need to get anything validated, you can also open a TAC case for it. AFAIK there is no migration tool for it since the ASA does migrate it automatically when you upgrade.

Thanks,

Varun

Thanks,
Varun Rao

Thank U Varun for your explanation, it help me so much ...

Btw, I have one more question if i have multiple context for ASA, let say  i have 3 context : first context admin, 2nd context B and third context C. Is the upgrade process will automaticly convert all configuration ( 3 context configuration and system configuration) ?

Actually i don't do upgrade from one ASA, i do replace old ASA to new ASA. My old ASA have 8.2 software version and my new ASA have 8.4 software version. After i read your explanation i will downgrade my new ASA software version 8.4 to 8.2, after that i copy my old ASA configuration file to new ASA configuration file after that i will upgrade my new ASA software version to 8.4. Is my step correct or you have a better idea. Btw, i have plan to change my port configuration (old configuration : Gig0/2 --> INSIDE, Gig0/3 --> OUTSIDE, new configuration : Gig0/0 --> INSIDE, Gig0/1 --> OUTSIDE).

Best Regards,

Rizal Ferdiyan

HI Rizal,

Thats correct, you can upgrade in multiple context as well, and it will upgrade it automatically.

You ca upgrade your old ASA first to 8.4, test it in the lab, compare the configuration and when it is correct, copy the startup config to the new ASA and use it as your running config. But you can try whihc ever method suits you.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

Hi

I am in a similair position, but I have current ASA running 8.0 and need to upgrade to latest (9.8.2)

Any advice?

 

thanks

Dave

Hi

I am in a similair position, but I have current ASA running 8.0 and need to upgrade to latest (9.8.2)

Any advice?

 

thanks

 

Good comments but I do not see the link to download the application. Can Someone share that link? I need to migrate 14 devices and I am not sure how works the ACLs and NATs.

Hi Claudio,

There is no tool for migration, but the firewall does it automatically when you change the boot parameters on the ASA and reload it with the 8.4 image. The firewall would do all the migrations itself. You can refer to the links above for complete information.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

bkoch1
Level 1
Level 1

I tried the "no names" as part of the upgrade from 8.2(5) -> 8.3(2) -> 8.4(2) -> 8.4(7).

In the end, I ended up with a bunch of replicated entries

For example:

object network obj-10.3.254.5

host 10.3.254.5

object network obj-192.124.35.128

subnet 192.124.35.128 255.255.255.128

object network obj-192.124.35.0

subnet 192.124.35.0 255.255.255.128

All of these have names associated with them earlier in the startup config file. So what do I do, get rid of all these entries manually?

gauraku3
Cisco Employee
Cisco Employee

Hi Rizal,

 

Cisco now has a migration tool for such migrations

Visit http://fwm.cisco.com/

Thanks & regards,

Gaurav Kumar CCIE# 49565
Cisco-TAC Engineer, Security Team

The migration tool at http://fwm.cisco.com is gone.  Why can't these tools ever stay up for longer than a few months?  There used to be a NAT migration tool at http://gypsy.cisco.com and it's gone now too.  

Ok the tool is still there, but it's httpS://fwm.cisco.com not http://fwm.cisco.com

Tool is still available - just slightly changed.

New link = https://fwm.cisco.com/auth.do

You can login using CCO credentials and select Firewall Migration from App Menu

FWM Login

Description of the tool can be found here:

https://marketplace.cisco.com/solutionsshowcase/companies/securview-inc/products/firewall-migration-solution-fwm--2

Is this available to partners or this is a seperate paid service. I have been trying for the past 2 days but no luck, the file just shows processing and processing and thats it. Has anyone able to successfully use this tool so far. 

Sajjad

It worked great for me.  Saved me a bunch of time. 

How log did it take to complete from the Queue? 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: