[c-nsp] pix vs asa

P C pc50000 at gmail.com
Thu Aug 5 21:21:33 EDT 2010


If your pix runs 7.0 or higher, the commands are virtuall identical for the
same corresponding code of ASA.  In fact for a long time, the binaries were
the same.

If it's 6.3 on the pix, there's some changee.

If this is for a migration, your best using the configuration migration tool
found on CCO.

On Thu, Aug 5, 2010 at 7:05 PM, Ryan West <rwest at zyedge.com> wrote:

> Deric,
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Deric Kwok
> > Sent: Thursday, August 05, 2010 8:46 PM
> > Subject: [c-nsp] pix vs asa
> >
> > Hi all
> >
> > Just wandering whether any different to configure vpn in pix and asa
> >
> > Any example
> >
>
> There are plenty of examples on Cisco's site, a lot of the legacy PIX
> commands still work and will translate into the newer ASA style.
>
> i.e. 'isakmp key <key> address x.x.x.x' will translate to:
>
> tunnel-group x.x.x.x type ipsec-l2l
> tunnel-group x.x.x.x ipsec-attributes
>  pre-shared-key <key>
>
> Remote access VPNs are configured using a combination of the tunnel-group,
> group-policy and crypto map.  Site to site tunnels are pretty much the same.
>
> -ryan
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list