
Move configuration from old ASA to new ASA 5515x?

rechard_hk
Level 1

Dear All,

Could you let me know how I can move my configuration from ASA 5510 v.8.0 to the new ASA 5515-x V9.1.1?

I used copy running to TFTP and applied it to the new ASA, but it has some errors, like NAT and certificate.

Could I export my certificate from the old ASA and import it to the new ASA, which are different versions? Is there any solution without downtime?

Best Regards,

Rechard


Richard Burts
Hall of Fame

Rechard

I do not believe that there is a way to do the transition from old ASA running 8.0 to new ASA running 9.1 without some downtime. But it is possible to minimize the downtime. I have recently done a transition like that and it was not an easy one. As you have discovered, if you attempt to copy the old config to the new ASA it will reject as invalid syntax much of the access lists and all of the nat.

The easier way to do the transition is to have an ASA running the old code with the old config and to upgrade that ASA to 9.1. In this process the 9.1 code should read the config from startup and will do a conversion to the new syntax. I have done this going from 8.0 to 8.4 and see no reason why 9.1 would be different. You then only need to check the accuracy of the conversion. And then you can take the converted config and load it on the new ASA. In my recent conversion we did not have an extra ASA with old code, the new ASA does not support the old version, and the downtime to do this on the existing ASA was not acceptable. So I took the access lists and nat and did a manual translation from old to new. I loaded the modified config on the new ASA and did some checking. We then just switched connections from old ASA to new ASA and the downtime was minimal.

HTH

Rick
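For the manual translation described in the reply above, a pre-migration check can list what has to be rewritten. This is an added example, not code from the thread or a Cisco tool: a Python sketch that flags pre-8.3 NAT commands and ACL entries that reference a static's mapped address (from 8.3 onward ACLs must reference the real address). The sample config is constructed and `review` is a hypothetical helper name.

```python
import re

# Constructed sample of an 8.0-style configuration (not taken from the thread).
SAMPLE_CONFIG = """\
nat-control
global (outside) 1 interface
nat (inside) 1 10.1.1.0 255.255.255.0
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.20 eq 25
access-group OUTSIDE_IN in interface outside
"""

# Pre-8.3 NAT commands: nat-control, global, static, and nat with a NAT ID.
# A single interface in the parentheses distinguishes old "nat (inside) 1 ..."
# from 8.3+ twice NAT "nat (inside,outside) ...".
LEGACY_NAT = re.compile(r"^(nat-control|global \(|static \(|nat \([^,)\s]+\) \d+ )")
# Plain host/network static only: static (real_if,mapped_if) mapped_ip real_ip
# Port-redirection and "interface" statics are flagged as legacy but not parsed.
STATIC = re.compile(r"^static \(\S+,\S+\) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")

def review(config):
    """Return (legacy_nat_lines, acl_findings) for a pre-8.3 style config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    legacy = [l for l in lines if LEGACY_NAT.match(l)]
    mapped_to_real = {}
    for l in lines:
        m = STATIC.match(l)
        if m:
            mapped_to_real[m.group(1)] = m.group(2)
    findings = []
    for l in lines:
        if not l.startswith("access-list "):
            continue
        for mapped, real in mapped_to_real.items():
            # ACL still points at the translated address; 8.3+ expects the real one.
            if re.search(r"\bhost %s\b" % re.escape(mapped), l):
                findings.append((l, mapped, real))
    return legacy, findings

if __name__ == "__main__":
    legacy, findings = review(SAMPLE_CONFIG)
    for l in legacy:
        print("rewrite NAT:", l)
    for l, mapped, real in findings:
        print("ACL uses mapped %s, real address is %s: %s" % (mapped, real, l))
```
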


Dear Rick,

I greatly appreciate your help!

How about the certificate for SSL VPN? Could we back it up or not?

How can we back it up and restore it?

Best Regards,

Rechard

Certificates can be backed up - most easily in ASDM by using the backup tool and unselecting "Backup All" in favor of "Certificates".

Reference guide here:

http://www.cisco.com/en/US/docs/security/asa/asa90/asdm70/configuration_guide/admin_swconfig.html#wp1508712

Dear Marvin and all,

Thank you for the command.

Right now I still have a problem with the certificate. I mean that I still cannot export from ASA 5510 v.8 to ASA 5512-x V9.

1- Could you advise how to export and import on the new ASA?

2- If that cannot be done, could you let me know how I can create a new certificate and configure the new certificate on the ASA 5512-x?

Best Regards,

Rechard

What kind of certificate is it?

Self-signed certificates cannot be transferred (nor would you want to). Also, those generated from a CA using a CSR with serial number embedded also cannot be transferred.

Dear Marvin,

If it cannot, could you let me know how to install a CA on the ASA 5512-x?

I have never configured a CA.

Best Regards,

Rechard

You have to tell us what kind of certificate is on the old ASA. The command to show them is:

show crypto ca certificates

I recommend you read this article.