Cisco Cisco ASA 5512-X Adaptive Security Appliance Guía De Instalación
3
Migrating from the Cisco ASA 5500 to the Cisco Adaptive Security Virtual Appliance
Modifying a Cisco ASA 5500 Configuration to an ASAv Configuration
Detailed Steps
The following table lists the steps that are required to change an ASA 5500 configuration to an ASAv
configuration.
configuration.
Step
Task Description
Reference
1.
To upgrade an ASA 5500 configuration to Version 9.2(1),
you can leverage a built-in ASAv migration tool. This tool
activates when you reboot if the startup configuration
matches older ASA versions. Version 9.2(1) then migrates
feature-related commands that have changed from the
version that was originally stored in the startup
configuration.
you can leverage a built-in ASAv migration tool. This tool
activates when you reboot if the startup configuration
matches older ASA versions. Version 9.2(1) then migrates
feature-related commands that have changed from the
version that was originally stored in the startup
configuration.
See the ASA release notes for more information about
configuration migration and for upgrade guidelines.
configuration migration and for upgrade guidelines.
2.
Retrieve the ASA 5500 firewall configuration file from the
source device, and store it on your local file system.
source device, and store it on your local file system.
3.
Choose one of the following two options:
Using the CLI
Export the following VPN configuration files:
•
Any clientless secure socket layer (SSL)
customizations or plugins.
customizations or plugins.
•
Any AnyConnect, Cisco Secure Desktop, and host
scan images from the ASA 5500.
scan images from the ASA 5500.
•
The PKCS12 file for the identity certificate from the
ASA 5500.
ASA 5500.
Note
Make sure that you place the files in the same path
that is specified in the configuration.
that is specified in the configuration.
See the “Clientless SSL VPN Overview” chapter in the
VPN CLI Configuration Guide.
VPN CLI Configuration Guide.
See the “Installing and Enabling CSD” chapter in the
Cisco Secure Desktop Configuration Guide for Cisco
ASA 5500 Series Administrators.
Cisco Secure Desktop Configuration Guide for Cisco
ASA 5500 Series Administrators.
See the “Configuring AnyConnect Host Scan” chapter
in the VPN CLI Configuration Guide.
in the VPN CLI Configuration Guide.
See the “Configuring Digital Certificates” chapter in
the General Operations CLI Configuration Guide.
the General Operations CLI Configuration Guide.
See the “Configuring Policy Groups” chapter in the
VPN CLI Configuration Guide.
VPN CLI Configuration Guide.
Using ASDM
We encourage you to use the ASDM Backup Utility to
facilitate this process and save the source files. These
VPN-specific files may include the following: all security
images, identity certificates, VPN pre-shared keys, and all
SSL VPN configurations.
facilitate this process and save the source files. These
VPN-specific files may include the following: all security
images, identity certificates, VPN pre-shared keys, and all
SSL VPN configurations.
Note
Make sure that you uncheck the running and startup
configuration check boxes to exclude them from
the backup process.
configuration check boxes to exclude them from
the backup process.
See the “Managing Software and Configurations”
chapter in the General Operations ASDM
Configuration Guide.
chapter in the General Operations ASDM
Configuration Guide.
4.
Change the ASA 5500 configuration to an ASAv
configuration:
configuration:
—
a.
Change any interface configuration to match the available
interfaces on the ASAv: Management 0/0 and
GigabitEthernet 0/0 - 0/8 (for a ten-interface deployment).
interfaces on the ASAv: Management 0/0 and
GigabitEthernet 0/0 - 0/8 (for a ten-interface deployment).
Remove EtherChannel interfaces.
See the “Starting Interface Configuration (ASA 5510
and Higher)” chapter in the General Operations CLI
Configuration Guide.
and Higher)” chapter in the General Operations CLI
Configuration Guide.
b.
Remove the Content Security and Control Security
Services Module configuration (if one is installed).
Services Module configuration (if one is installed).
See the “Configuring the ASA CSC Module” chapter in
the Firewall CLI Configuration Guide.
the Firewall CLI Configuration Guide.