That is the recommended approach, and usually an experienced Cisco Security Consultant is needed to perform the job. The sections that need manual work are: Objects, NATs, Policies and ACLs. That means that large portions of the config need to be redone (in most cases manually) when you do the switchover. It does mandate the obligatory use of objects, the NATs are in the old PIX-like fashion, and any policies use the global IP addresses (the so-called real IP addresses seen on the interface) rather than the original ones (the IP addresses on the hosts). The pre-8.3 code is very different from today’s code in terms of syntax. Very often the legacy ASAs run pre-8.3 code due to RAM restrictions (RAM needs to be upgraded for 8.3+ code). Different naming for interfaces and different features and functionality mean different syntax for the CLI.
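As an added example (not from the original post), the Python sketch below scans a pre-8.3 configuration for the legacy NAT commands and for ACL entries that match a translated address, which are the lines that need manual rework during the migration. The sample configuration is constructed and uses documentation addresses; the function names are hypothetical.

```python
import re

# Constructed sample of a pre-8.3 ASA configuration (documentation addresses).
SAMPLE = """\
nat-control
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (dmz,outside) tcp 203.0.113.20 443 172.16.0.20 8443 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-list outside_in extended permit tcp any host 203.0.113.20 eq https
access-list inside_out extended permit ip 192.168.1.0 255.255.255.0 any
"""

# Commands that exist only in the pre-8.3 NAT model. The single-interface
# form "nat (if) <id>" is matched so that 8.3+ "nat (a,b) ..." is not flagged.
LEGACY_NAT = re.compile(r"^(nat-control|global \(|nat \([^,)]+\) \d+ |static \()")
# static (real_if,mapped_if) [tcp|udp] mapped [port] real [port] ...
STATIC = re.compile(
    r"^static \(\S+,\S+\) (?:(?:tcp|udp) (\S+) \S+ (\S+) \S+|(\S+) (\S+))")

def legacy_nat_lines(config):
    """Return (line number, text) for every pre-8.3 NAT command."""
    return [(n, l.strip()) for n, l in enumerate(config.splitlines(), 1)
            if LEGACY_NAT.match(l.strip())]

def static_map(config):
    """Map each translated (mapped) address to the real host address."""
    mapping = {}
    for line in config.splitlines():
        m = STATIC.match(line.strip())
        if m:
            mapped, real = (m.group(1), m.group(2)) if m.group(1) else (m.group(3), m.group(4))
            mapping[mapped] = real
    return mapping

def acls_to_rewrite(config):
    """ACL entries that match a translated address; 8.3+ expects the real one."""
    mapping = static_map(config)
    hits = []
    for n, line in enumerate(config.splitlines(), 1):
        tokens = line.split()
        if tokens[:1] == ["access-list"]:
            hits += [(n, t, mapping[t]) for t in tokens if t in mapping]
    return hits

if __name__ == "__main__":
    for n, text in legacy_nat_lines(SAMPLE):
        print(f"line {n}: legacy NAT, redo as object/twice NAT: {text}")
    for n, mapped, real in acls_to_rewrite(SAMPLE):
        print(f"line {n}: ACL matches {mapped}, rewrite to real address {real}")
```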