Cisco Firepower 2100 Getting Started Manual page 97

Hide thumbs Also See for Firepower 2100:

Getting started manual (104 pages)

Getting started manual (222 pages)

Getting started manual (178 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

page of 150

/ 150
Contents
Table of Contents
Bookmarks

Table of Contents

ASA Appliance Mode Deployment with ASDM

Migrating an ASA 5500-X Configuration

You can copy and paste an ASA 5500-X configuration into the Firepower 2100 in Appliance Mode. However,

you will need to modify your configuration. Also note some behavioral differences between the platforms.

1. To copy the configuration, enter the more system:running-config command on the ASA 5500-X.

2. Edit the configuration as necessary (see below).

3. Connect to the console port of the Firepower 2100 in Appliance Mode, and enter global configuration

mode:

ciscoasa> enable

Password:

The enable password is not set. Please set it now.

Enter Password: ******

Repeat Password: ******

ciscoasa# configure terminal

ciscoasa(config)#

4. Clear the current configuration using the clear configure all command.

5. Paste the modified configuration at the ASA CLI.

This guide assumes a factory default configuration, so if you paste in an existing configuration, some of the

procedures in this guide will not apply to your ASA.

ASA 5500-X Configuration

PAK License

Initial ASDM access

Firepower 2100 in Appliance Mode Configuration

Smart License

PAK licensing is not applied when you copy and paste your

configuration. There are no licenses installed by default. Smart

Licensing requires that you connect to the Smart Licensing server

to obtain your licenses. Smart Licensing also affects ASDM or

SSH access (see below).

Remove any VPN or other strong encryption feature

configuration—even if you only configured weak encryption—if

you cannot connect to ASDM or register with the Smart Licensing

server.

You can reenable these features after you obtain the Strong

Encryption (3DES) license.

The reason for this issue is that the ASA includes 3DES capability

by default for management access only. If you enable a strong

encryption feature, then ASDM and HTTPS traffic (like that to

and from the Smart Licensing server) are blocked. The exception

to this rule is if you are connected to a management-only interface,

such as Management 1/1. SSH is not affected.

Cisco Firepower 2100 Getting Started Guide

Migrating an ASA 5500-X Configuration

Table of Contents

Show Quick Links

Hide quick links:

Chapters

Table of Contents

Cisco Firepower 2100 Getting Started Manual page 97

Hide quick links:

Chapters

Related Manuals for Cisco Firepower 2100

Related Products for Cisco Firepower 2100

Table of Contents