08-22-2013 08:32 PM
Dear All,
Could you let me know how can i move my configuration from ASA 5510 v.8.0 to the new ASA 5515-x V9.1.1?
i used copy running to TFTP and apply to the new ASA but it has some error like nat and Certificate.
could i export my certificate the old ASA and import to the new ASA, that are different version. Does has any solution without donwtime ?
Best Regards,
Rechard
08-23-2013 07:05 AM
Rechard
I do not believe that there is a way to do the transition from old ASA running 8.0 to new ASA running 9.1 without some downtime. But is is possible to minimize the downtime. I have recently done a transition like that and it was not an easy one. As you have discovered if you attempt to copy the old config to the new ASA it will reject as invalid syntax much of the access lists and all of the nat.
The easier way to do the transition is to have an ASA running the old code with the old config and to upgrade that ASA to 9.1. In this process the 9.1 code should read the config from startup and will do a conversion to the new syntax. I have done this going from 8.0 to 8.4 and see no reason why 9.1 would be different. You then only need to check the accuracy of the conversion. And then you can take the converted config and load it on the new ASA. In my recent conversion we did not have an extra ASA with old code, the new ASA does not support the old version, and the downtime to do this on the existing ASA was not acceptable. So I took the access lists and nat and did a manual translation from old to new. I loaded the modified config on the new ASA and did some checking. We then just switched connections from old ASA to new ASA and the downtime was minimal.
HTH
Rick
08-23-2013 07:21 PM
Dear Rick,
Greating your Help!
How about certificate for ssl vpn,Could we back up it or not?
How can we backup and restore back?
Best Regads,
Rechard
08-23-2013 08:44 PM
Certificates can be backed up - most easily in ASDM by using using the backup tool and unselect "Backup All" in favor of "Certificates".
Rererence guide here:
08-28-2013 02:10 AM
Dear Marvin and all,
thanks you for command.
right now i'm still have problem with certificate. i mean that i still cannot export from ASA 5510 v.8 to ASA 5512-x V9.
1- could you advice, how to export and import on new ASA?
2-if cannot, could you let me know how can i create new certificate and configure the new certificate in to ASA 5512-x.
Best Regards,
rechard
08-28-2013 01:20 PM
What kind of certificate is it?
Self-signed certficates cannot be transferred (nor would you want to). Also, those generated from a CA using a CSR with serial number embedded also cannot be transferred.
08-28-2013 08:13 PM
Dear Marvin,
If cannot ,Could you let me know how to install CA on ASA 5512-x?
I never configure on CA.
Best Regards,
Rechard
08-28-2013 08:57 PM
You have to tell us what kind of certificate is on old ASA. The command to show them is:
show crypto ca certificates
I recommend you read this article.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: