Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
4
Replies

Upgrading from ASA 5505 to 5515-X Config

Go to solution
ServerCaseUK
Level 1
Level 1

‎06-14-2018 02:47 PM - edited ‎02-21-2020 07:53 AM

Hi,

 

I am in the process of upgrading from an old ASA 5505 running ASA 7.2 to a new ASA 5515-X currently running ASA 9.1 (I will be upgrading). It has a fairly simple setup - It's in routed mode, single context. There is no NAT rules setup according to ASDM on the 5505.

 

Just two interfaces;

 

eth0 outside = 2.2.2.2 (WAN IP - masked for security)

eth1 inside = 3.3.3.0/255.255.255.128

 

There are are around 20 IP's on the 3.3.3.0 range, within the inside interface, which are all accessible on the public Internet.

 

By default all inbound and outbound traffic is set to deny. There are several TCP/UDP and host based rules to allow traffic to specific hosts and services. Some IP restrictions (for example RDP is only allowed by certain source IP's)

 

On the existing system there is a single static route from the 3.3.3.0 to an IP address on the 2.2.2.0 range thar was supplied by the datacentre.

 

My questions are;

 

1) If I import the configuration from the 5505 from the old ASA version to the new 5515-X with the newer ASA version, what do you think would happen? I am guessing I may need to fix some mappings of the interfaces. I am guessing most configuration should copy over fairly easily.

 

2) Should I be using Dynamic PAT? The change in NAT setup is a little alien to me.

 

 

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Florin Barhala
Level 6
Level 6

‎06-15-2018 01:13 PM

I will be honest here: from your post it seems you re at your beginnings with ASA which is ok we all had our start.

So I suggest you do it from scratch; it's an opportunity to learn and understand each and every command while also seeing the CLI differences between 7.2 and 9.x

Goodluck !

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎06-14-2018 02:58 PM

Hi,

 

There have been some considerable changes between code versions 7.x and 9.x, in version 8.3 (i think), in particular access lists and nat commands changed. This link might provide some further information.

 

You might be best writing the new configuration from scratch, rather than importing.

 

HTH

0 Helpful

Go to solution
Florin Barhala
Level 6
Level 6

‎06-15-2018 01:13 PM

I will be honest here: from your post it seems you re at your beginnings with ASA which is ok we all had our start.

So I suggest you do it from scratch; it's an opportunity to learn and understand each and every command while also seeing the CLI differences between 7.2 and 9.x

Goodluck !
0 Helpful

Go to solution
ServerCaseUK
Level 1
Level 1
In response to Florin Barhala

‎06-18-2018 03:00 AM

Thanks - Yep I ended up doing it all manually and the firewall is in the DC up and running great, Friday afternoon :)

0 Helpful

Go to solution
Florin Barhala
Level 6
Level 6
In response to ServerCaseUK

‎06-18-2018 04:38 AM

Congrats for the hard work attitude ;)
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card