Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1216
Views
5
Helpful
2
Replies

Need to swap ASA5508-X chassis due to clocking bug. Need Assistance.

Go to solution
ntwkdsnr123
Level 1
Level 1

‎01-05-2018 01:32 PM - edited ‎03-10-2019 12:57 AM

Hi Folks,

 

Not sure if this is the right forum.  Any help would be appreciated.

 

I need to swap a new ASA5508-X chassis for an existing ASA that has been in production for a while.  There are a couple of site-to-site VPNs up and running and also some remote users from time to time.

 

I have access to the running config and all of the files on disk0:

 

What is the best way to do this?  I don't want to rebuild the site to site configurations and access-lists.  I don't have the pre shared keys or passwords.

 

It can't be as easy as just copying over the startup configuration is it? 

 

Can someone provide an outline of the steps required?

 

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-05-2018 02:23 PM

Hi

 

First of all, doing a show running won’t give you all informations. For example, to be able to view L2L pre-shared-key, you will need to issue the command more system:running

 

Afterwards, there is a backup command available through CLI or ASDM to backup all ASA files (files in disk0, certificates...) and a restore command to restore it on the other end.

The command would be: backup location url

 

Hope that helps!


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

2 Replies 2

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-05-2018 02:23 PM

Hi

 

First of all, doing a show running won’t give you all informations. For example, to be able to view L2L pre-shared-key, you will need to issue the command more system:running

 

Afterwards, there is a backup command available through CLI or ASDM to backup all ASA files (files in disk0, certificates...) and a restore command to restore it on the other end.

The command would be: backup location url

 

Hope that helps!


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
Karsten Iwen
VIP
VIP

‎01-06-2018 03:41 AM

As Francesco already mentioned, the Backup/Restore-function is the way to go. But there is one thing that has to be done manually: Applying all licenses on the new box. For example you might have AnyConnect-licenses on the ASA. These are not in the backup and you (or your Cisco-Partner) have to go to the licensing-portal and transfer/reissue the license for the replacement-ASA.

0 Helpful
Customers Also Viewed These Support Documents