Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 6.3 to ASA 5505 8.2

We have an old PIX that is running 6.3 software.  We wouldl lik eto move the configuration to an ASA running 8.2 software.  Is there an easy way to accomplish this without have to rekey all the commands?  Is it possible to tftp the old config to the new ASA?

Thanks

3 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

PIX 6.3 to ASA 5505 8.2

Hey there,

First of all, this should be in the FW section and not the VPN section, this is not VPN related question.

However, if I ware you I would start by upgrading my PIX to the latest 8.0.4 before I begin to insure that everything is migrated especially if you have certificates and you want to export them as exporting the certs is not supported on the PIX prior to 8.0 release, however if that is not needed upgrading to the latest 7.2 will do you good ... Then I would go through this link and follow the procedure there:

- http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html

HTH,

Mo.

Bronze

PIX 6.3 to ASA 5505 8.2

Assuming you are using pre shared key authentication, everything should be interchangeable other than the isakmp key line which is coverted to a l2l type tunnel-group in 7.x+ code versions

Hall of Fame Super Silver

PIX 6.3 to ASA 5505 8.2

Cisco did put out a Pix-ASA conversion tool. Please see the Release Notes and then this link to download it.

I would advise, though, that is is a good time to clean up your Pix config. Validate all of your access-lists, NATs and VPNs. Clear out any of the unused stuff before moving it over to the ASA. Even if it's all good, validating and documenting it is a useful exercise.

Once you get it over, I'd move your ASA up to 8.4(3). Yes the NAT sysntax changes but you'll need to do it sooner or later. Why not now?

6 REPLIES
New Member

PIX 6.3 to ASA 5505 8.2

Hey there,

First of all, this should be in the FW section and not the VPN section, this is not VPN related question.

However, if I ware you I would start by upgrading my PIX to the latest 8.0.4 before I begin to insure that everything is migrated especially if you have certificates and you want to export them as exporting the certs is not supported on the PIX prior to 8.0 release, however if that is not needed upgrading to the latest 7.2 will do you good ... Then I would go through this link and follow the procedure there:

- http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html

HTH,

Mo.

New Member

PIX 6.3 to ASA 5505 8.2

Thanks for the replies.  I appreciate the help.  The conversion tool looks like it will work great.

Bronze

PIX 6.3 to ASA 5505 8.2

Assuming you are using pre shared key authentication, everything should be interchangeable other than the isakmp key line which is coverted to a l2l type tunnel-group in 7.x+ code versions

New Member

PIX 6.3 to ASA 5505 8.2

Thanks for the replies.  I appreciate the help.  The conversion tool looks like it will work great.

Hall of Fame Super Silver

PIX 6.3 to ASA 5505 8.2

Cisco did put out a Pix-ASA conversion tool. Please see the Release Notes and then this link to download it.

I would advise, though, that is is a good time to clean up your Pix config. Validate all of your access-lists, NATs and VPNs. Clear out any of the unused stuff before moving it over to the ASA. Even if it's all good, validating and documenting it is a useful exercise.

Once you get it over, I'd move your ASA up to 8.4(3). Yes the NAT sysntax changes but you'll need to do it sooner or later. Why not now?

New Member

PIX 6.3 to ASA 5505 8.2

Thanks for the replies.  I appreciate the help.  The conversion tool looks like it will work great.

424
Views
0
Helpful
6
Replies
CreatePlease to create content