Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 506 configuration to a ASA5510

Im looking for a tool or something that I can convert my PIX 506(rev 6.3(5)) configuration to a ASA 5510 (rev 7.0(4)). Is there a easy way of doing this?

12 REPLIES
New Member

Re: Pix 506 configuration to a ASA5510

No, but the commands are not that different.

Re: Pix 506 configuration to a ASA5510

Post the config so we can help you to convert it.

HTH

AK

New Member

Re: Pix 506 configuration to a ASA5510

Similar delema

Im goin gfrom a 520 to a 5520 with little to no luck any help would be greatful

Re: Pix 506 configuration to a ASA5510

Are you having problem with the config, or issue allowing traffic in/out of the ASA?

Most of the PIX config already transfered to ASA, and looks ok.

New Member

Re: Pix 506 configuration to a ASA5510

Having problems getting any traffic to the out bound once I stated moving the pix config over. I did't config the original so there atually may be an issue on the pix config that could be causing the issue on the asa Im just not seeing it.....:(

Bronze

Re: Pix 506 configuration to a ASA5510

Hello,

Your configuration looks fine. Can you check some basic connectivity issues (ping things on all interfaces, check to see if you get arp entries). It may be something as simple as cabling

Also, I tried pinging the ip addresses on your outside interface (the 208 range) - check with your provider to make sure there isn't an issue - they say that network is unreachable - which means they might have an issue (or that network is off an interface on that router that is down)

C:\Documents and Settings>ping 208.35.55.3

Pinging 208.35.55.3 with 32 bytes of data:

Reply from 144.232.200.42: Destination net unreachable.

Reply from 144.232.200.42: Destination net unreachable.

Ping statistics for 208.35.55.3:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Control-C

^C

C:\Documents and Settings>ping 208.35.55.254

Pinging 208.35.55.254 with 32 bytes of data:

Reply from 144.232.200.42: Destination net unreachable.

Reply from 144.232.200.42: Destination net unreachable.

--Jason

Please rate this message if it solved some or all of your issue/question.

New Member

Re: Pix 506 configuration to a ASA5510

network is up and running on the Pix, you cant ping from the outside do to another layer of control, do a swap to the asa and nothing no dmz access no out bound traffic. same network cables. Log wise I get errors in refraance to missing routes....

Bronze

Re: Pix 506 configuration to a ASA5510

Hello,

Can you paste us the exact log message?

New Member

Re: Pix 506 configuration to a ASA5510

not in the office today, ice storm...

the erros Im recieving are in referance attempts made to the syslog server on the 10 network, not route to destination then fail or something on thoughs lines. thats whyy I started looking back at the config, I currently cant ping anything from each zone, meaning 10 can t ping 172, 172 cant ping each other how ever I show traffic between the 2 dmz'z. Static issue?

Bronze

Re: Pix 506 configuration to a ASA5510

Hello,

It does sound like you have a nat issue of some sort, but without seeing the exact log message i can't really tell you what it is.

What I would do is remove these to statics:

no static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

nostatic (inside,dmz2) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

And turn off nat-control (which is what you were doing basically with those statics anyway)

no nat-control

Assuming your DMZ hosts know to route the 10.x traffic back to the firewall, your access lists should allow this to work.

--Jason

Please rate if this message if it helped solve some or all of your issue.

New Member

Re: Pix 506 configuration to a ASA5510

arp cache on the router... thanks for the time

New Member

Re: Pix 506 configuration to a ASA5510

Im all set. Thanks for the response.

122
Views
0
Helpful
12
Replies
CreatePlease login to create content