We setup both site-to-site VPN and Remote Access VPN client on VPN 3005 Concentrator. We want to migrate all the configs to the new ASA 5540. Do you recommend that we migrate all the configurations for VPN client first before setting up the site-to-site VPN on the ASA or it does not make any difference?
View 5 Replies
We have backup data center where I am now planning to provide backup internet service ( in the case where there is internet down or power outage at main server room) . I have a pair of Cisco ASA's 5540, one of which I need to move to backup data center ( BDC), Presently I have ADSL router at disaster serve room with static public IP from ISP.
Currently, I am publishing all my internal resources through ASA. Now my questions, if I move Standby ASA to Disaster Server Room. How I can publish the same internal resources through standby ASA and make it standby as active during the down time of main server room
When pusing configs using tftp, for example using Ciscoworks, does it push out an entire new config or does it just edit specific changes?
View 1 Replies View Relatedhow to convert your PIX configs to an ASA 8.X? [code]
View 5 Replies View RelatedI have a 5520 runing 8.4 and I would like to activate a previosuly saved configuration without reloading the 5520.
View 3 Replies View RelatedI have a few sites all running Cisco ASA 5510s. They all share the same asa (8.4(4)1) and asdm (6.4.9) version, but their configs differ significantly. I have a cold spare sitting in my office in the event we have a physical failure. Is there a quick and simple way I can load up multiple configs and then boot up the cold spare to then run the config from Site_A or Site_B? Just looking for a quick solution rather than doing a full restore should something fail spectacularly. Nice to say upon bootup, using confreg perhaps, to boot Site_A config rather than Site_C.
View 1 Replies View RelatedIs there anyway to migrate off of WCS to Prime NCS? We have a fully built WCS system with maps and all configs and was wondering if there was a way to restore to NCS.
View 1 Replies View RelatedI wonder if you can migrate the cisco ap 1121 by WCS, could not find any specific documentation.
View 3 Replies View Related how to migrate from WLC4404 to WLC5508. I want to know your propositions.
I could replicate the configuration manually but there is a lot of confirugation menus and all. If both could be online and migrate the AP to the new one until there is none on the old one, it would be great.
We are trying to migrate WCS base license to NCS 1.1 .We have procured the migration license .In the licensing guide , it is mentioned as "L-WCS-NCS1-M-K9 License first, before adding the licenses migrated from your WCS installation"
1)Whether we need to add this migration license in WCS before genrating XML file or
2)Before adding XML file in NCS we need to add this in NCS ..
convert a few connections from ADSL to FTTC but would like not to have to replace the Cisco 857 router already installed.To achieve this I would need to allocate one of the Ethernet ports as the WAN interface and configure PPPOE for authentication.
View 1 Replies View Relatedl need change a wlc 4400 to 5500, but l don´t know what l need back up, and how can I do to join the H Reap APs in the new 5500 WLC because all H Reap APs that l have, are not in the same city , and I understand if l want join AP in the new WLC l need to connect in the same network segment, is it rigth ?
View 7 Replies View Relatedwhat's required for the migration from Checkpoint R75-20 Splat install to the Cisco ASA firewall, links to documentation - step-by-step.
View 3 Replies View RelatedI am looking for the licensing and upgrade path for going from WCS 7.0 to PI 1.2.At present I have a WCS licensed for 200 APs which is managing one controller and 150 APs.I intend to use the Cisco Prime Upgrade Promotion to order R-W-PI12-M-K9 (WCS 7.0 to Cisco Prime Infrastructure 1.2 Migration) and L-W-PI12-100-M and L-W-PI12-100-M to match the number of licenses on the WCS.
Once Prime is installed I also want to manage another 50 devices, does that mean I have to purchase the Cisco PI 1.2 Base License and Software (R-PI12-Base-K9) and another 50 Lifecycle licenses, or will my existing 200 licenses from the upgrade suffice.
I have two router Cisco 887 with vpn site-to-site:
Site A:
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key ********* address 85.34.AAA.AAA
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
[code]....
I want to remove VPN configuration from the router and put VPN Configuration on Cisco ASA 5505.The scheme would be: ASA5505(vpn site-to-site) -> 887 -> INTERNET this for both sites.My problem is that I do not know what ip put on interface Outside of firewall. For example on Site A delete all VPN configuration from 887 and leave only ATM0.1 point-to-point, on intereface Outside of ASA put ip of loopback(of router 887) and as default route 85.34.2.XXX. Right?
We try to migrate two ASA stateful Active / Passive from version 8.0 to 8.4 but many of acl rules and Nat no longer working. We must go through the version 8.2? The release 8.4 changes everything and seems to me not too stable, it'sl best to stay in 8.2 or 8.3 !!!
View 3 Replies View RelatedI am looking to upgrade an 1812J router to 1921/K9 router with 8-port double wide switch port.What's the best/easiest way to migrate the config? (We have access lists, vlans, etc. configured on the original device)Also, I'm looking for a way to prioritize traffic from an external site on the internal LAN. Reason being that I would like to prevent dropouts of interent streaming radio when Internal LAN traffic is high. If so, what's an easy way to implement on 1921?
View 1 Replies View Relatedmy company will change WAN connection from HDSL (2Mb/2Mb) to Metro Ethernet (10Mb/10Mb). Now, I have CISCO 1841 (12.4(15)T12 ) with 2 FE and HWIC-1T. Can i configure my Metro Ethernet (WAN Connection) on one FE or i need of "external wic" such as hwic-1FE ?
View 1 Replies View RelatedI have a client who has LMS 4.1 with SAS support, I know that I can upgrade him to the Prime infrastructure for LMS and NCS, however he is licensed for 100 devices. He also has WCS 7.0 with 50 AP licenses, I want to upgrade his LMS to Prime infrastructure and then migrate his WCS to NCS, but how do I know combine the both so that he is on one platform.
View 1 Replies View RelatedCurrently have a pair of 6509 chassis setup with VSS. Only have the Sup and two line cards in each chassis. Would like to replace with a new pair of 6504E chassis. Is it possible to fail one chassis at a time and migrate to the new 6504E?
View 3 Replies View RelatedI would like to know if I can migrate the config from ACE20 to ACE30 (last software) without any issue.I don't have any ACE30 to test
View 3 Replies View RelatedI have configuration on PIX804 :
On Pix804
interface Ethernet2
nameif ins10
[Code]....
On PIX515T(804) in packet-tracert option no Phase 1 - Route-lookup and both static nat works fine. May I disable on ASA phase route-lookup, that it not send packet on wrong interfaces ?
Doing a migration. During comparison of "show bgp nei x.x.x.x advertised-routes" between existing C7600 vs new ASR9K. Found that there were some r>i (RIB-Failure) route in C7600 doesn't flagged w/ r>i in ASR9K. Is it normal behaviour in ASR9K? How can I perserve r>i on ASR9K? Due to my IGP (e.g. AD etc) issue or ASR9K IOS-XR hidden config / default config issue?
View 5 Replies View RelatedI try to remplace WLC because the old wlc (7.0) is capacity full.but the AP (3502) do not "registered" to new WLC (7.3),If you have a idea, without make a reset factory to AP.
View 1 Replies View RelatedI try to replace WLC because the old wlc (7.0) is capacity full. but the AP (3502) do not "registered" to new WLC (7.3). Don't want to make a reset factory to AP..
View 3 Replies View RelatedI need to upgrade the compact flash of my ASA 5510 from 256MB to 512MB. A friend's recommendation was to buy a card reader, copy all of the data from the existing card and paste it to the new compact flash. I have a hard time believing that it's that straight forward.
Any safer, more foolproof way of migrating between flash cards?
I need to replace an ASA with an IOS firewall router, and am not sure how to migrate the NAT configuration. Specifically, there is an interface "3rdparty" that has onward connectivity to other private addresses, so our internal addressing is hidden. For some reason there are static NAT rules in different directions across the interface, but at present I cannot see why. Thinking in router terms, all that springs to mind is the inside and outside tags for the interfaces, but also that it might need "overlapping" NAT to be configured.
[code]...
I am working on a project to migrate a single Checkpoint firewall over to a single ASA 5510, no VPN, just firewall. The checkpoint firewall has 8 physical interface so the ASA 5510 also support physical 8 interfaces so thiw will be a one-to-one swap. At the moment, I don't have an ASA 5510 to test my theory so I am going to throw it out here. The checkpoint firewall is a SPLAT running on an powerfull IBM Server with 8 CPU dual cores with 32GB of RAM and it has 1200 rules with over 120,000 objects with some of the crazy NATs but it works so we will just leave it at that. There are not that much traffics going across the firewall so there are no need to put in an ASA 5585
I use the cisco conversion tool to do the policy conversion from Checkpoint to Cisco, I get about 1.5 million lines in the configuration. A lot of it has to do with Checkpoint having no concept of interface security level while ASA does. I am sure I can optimize it to cut down the number of lines in the configuration; however, that is not my main concern at the moment. The customer goal is that at the time when cutover from Checkpoint to Cisco ASA, they want everything to be perfect, meaning that it will work like magic.
My question is that can the ASA 5510 handle 1.5 million lines of configuration? Are there any limitations on this? I know there are limitations with FWSM but since I don't have an 5510 to test.
I have a 5508 at a remote site and a 5508 at my main campus. I was doing some work on the remote site's controller, so I changed option 43 on our DNS/DHCP system, then applied an LWAPP template from NCS to the AP's to migrate them to the controller at my main campus (so users could still utilize the wireless at the remote site). They all moved over to the temporary (main campus) controller without an issue.
When I was ready to migrate the AP's back to their local (remote site) controller - I changed option 43 for each sub net that contained AP's @ the remote site to point back to their local controller's management IP address, pushed an LWAPP template again (pointing it to the local controller obviously) and apply template/reboot AP.
The AP reboots, disassociates from the main campus (temporary) controller, but when it comes back up a few minutes later - it associates BACK to the main campus controller it was on instead of to the remote site/local controller like option 43, the LWAAP template (and my frustrated screams) are now telling it to. I'm certain I'm just missing something.
I have to migrate two appliances ACS SE 1112 under 4.0.1 to new two appliances ACS SE 1121 under 5.2 version.I would like to clarify the procedure to do it by minimizing down time impact.I saw there are Migration Utility and Import Tool but do I need an Intermediate Windows Server to do this migration ?
View 1 Replies View RelatedI am planning to migrate from an old 4400 to a new 5508. I am happy with migrating the access points but I need to know if I can migrate the web authentication certificate used for guests.The new WLC will have the same virtual interface and DNS name to match the CN on the current certificate. Will this work or will I need a new certificate?
View 2 Replies View RelatedI have a Failover pair of ASA5550's running ASDM 6.2(5) and ASA 8.2(2). Originally they were setup with 2 context's and an admin context but one of the contexts has now been removed. I would like to now migrate to single mode before I go about patching them to the latest software.
View 4 Replies View RelatedI have a Cisco 2811 with fa 0/0 as my bearer, and a switch module for internal clients.
I have an issue with my fa 0/0 flapping, I want to move that ip configuration to fa 0/1
as this is a branch office I am reliant on the bearer port to give me coms so changing the IP addresses is difficult.
Has any one tried this with a TCL script?
