On the PIX, I have E0=inside E1=outside E2=dmz. I have already ordered the ASA. Actually two of them for redundancy. My question to day is, can you guys help me with the config transfer and a plan of attack?
Thanks
Best way to migrate is to take the configuration of the old PIX and TFTP it to a PC or other server for safe keeping.
Then boot up the ASA in a lab environment and TFTP the configuration to the new unit and reboot. There will be some commands that don't translate correctly, but you can compare the configurations to each other to make sure all the access lists and NAT statements get transferred across.
Keep in mind that the PIX and the ASA name their interfaces differently, so there may be errors when you transfer the configuration. You can edit the configuration offline with something like Notepad and change the names of the interfaces to have it work.
Good luck!
Hi,
The ASA config guide is here http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/config.html
Generally the config can be moved across fairly easily. I would suggest that you get your ASA powered up in the lab / on a desk and apply a modified version of the original PIX one. This will allow you to check out functionality without putting your live traffic at risk. When you feel confident that the ASA now replicates the PIX functionality then you can schedule an out of hours change window to bring the ASA into service
If this helps please leave feedback, if not let me know and I will try to help some more!
LAN-based Failover: Send hello msg and start failover monitoring
541 views
Usually answered in minutes!
×