Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

move configure from old ASA to new ASA 5515x?

Dear All,

Could you let me know how can i move my configuration from ASA 5510 v.8.0 to the new ASA 5515-x V9.1.1?

i used copy running to TFTP and apply to the new ASA but it has some error like nat and Certificate.

could i export my certificate the old ASA and import to the new ASA, that are different version. Does has any solution without donwtime ?

Best Regards,

Rechard

  • VPN
7 REPLIES
Hall of Fame Super Silver

move configure from old ASA to new ASA 5515x?

Rechard

I do not believe that there is a way to do the transition from old ASA running 8.0 to new ASA running 9.1 without some downtime. But is is possible to minimize the downtime. I have recently done a transition like that and it was not an easy one. As you have discovered if you attempt to copy the old config to the new ASA it will reject as invalid syntax much of the access lists and all of the nat.

The easier way to do the transition is to have an ASA running the old code with the old config and to upgrade that ASA to 9.1. In this process the 9.1 code should read the config from startup and will do a conversion to the new syntax. I have done this going from 8.0 to 8.4 and see no reason why 9.1 would be different. You then only need to check the accuracy of the conversion. And then you can take the converted config and load it on the new ASA. In my recent conversion we did not have an extra ASA with old code, the new ASA does not support the old version, and the downtime to do this on the existing ASA was not acceptable. So I took the access lists and nat and did a manual translation from old to new. I loaded the modified config on the new ASA and did some checking. We then just switched connections from old ASA to new ASA and the downtime was minimal.

HTH

Rick

New Member

move configure from old ASA to new ASA 5515x?

Dear Rick,

Greating your Help!

How  about certificate for ssl vpn,Could we back up it or not?

How can we backup and restore back?

Best Regads,

Rechard

Hall of Fame Super Silver

move configure from old ASA to new ASA 5515x?

Certificates can be backed up - most easily in ASDM by using using the backup tool and unselect "Backup All" in favor of "Certificates".

Rererence guide here:

http://www.cisco.com/en/US/docs/security/asa/asa90/asdm70/configuration_guide/admin_swconfig.html#wp1508712

New Member

move configure from old ASA to new ASA 5515x?

Dear Marvin and all,

thanks you for command.

right now i'm still have problem with certificate. i mean that i still cannot export from ASA 5510 v.8 to ASA 5512-x V9.

1- could you advice, how to export and import on new ASA?

2-if cannot, could you let me know how can i create new certificate and configure the new certificate in to ASA 5512-x.

Best Regards,

rechard

Hall of Fame Super Silver

Re: move configure from old ASA to new ASA 5515x?

What kind of certificate is it?

Self-signed certficates cannot be transferred (nor would you want to). Also, those generated from a CA using a CSR with serial number embedded also cannot be transferred.

New Member

move configure from old ASA to new ASA 5515x?

Dear Marvin,

If cannot ,Could you let me know how to install CA on ASA 5512-x?

I never configure on CA.

Best Regards,

Rechard

Hall of Fame Super Silver

move configure from old ASA to new ASA 5515x?

You have to tell us what kind of certificate is on old ASA. The command to show them is:

show crypto ca certificates

I recommend you read this article.


1245
Views
0
Helpful
7
Replies