How to use the Cisco Official Tool from PIX

firewall to ASA?
Difference between PIX Firewall and ASA on Configuration
Compare the PIX Firewall with ASA, the most critical question is that they are
completely different in the configuration. In other words, to achieve the same purpose,
the commands used in the PIX Firewall and ASA are not the same. ASA adopts
Internet operating system configuration interface while PIX firewall adopts
configuration interface provided !y PIX Operating System.
"he main differences may !e concluded as !elow#
 ASA !elongs to different hardware devices and have different interface name.
 ASA adopts a similar interface command mode of Cisco Internet $perating
 PIX firewall use FIXUP command to monitor the situation while the ASA using
a strategy map.
 "he function of out!ound and conduit commands in PIX firewall was replaced !y
an access control list in ASA.
"here are two ways can !e selected on completing the conversion process, manual
mode or automatic migration tool. If you want precise control over each step, then
you may need to select the manual mode. %owever, Cisco can provide software tools
from PIX firewall to ASA to reali&e the entire migration process automatically. 'et us
loo( at it is how to carry out the wor(.
If you want to use this tool, you must ensure the PIX operating system running on
PIX Firewall is ).* or higher version.
How to !"grading
I downloaded the Cisco automatically migration tool from PIX Firewall to ASA on
the official we!site +require registration and provide PIX Firewall service protocols,.
It contains three different versions, which can support the operating environment on
-indows XP, Apple.s $SX and the ninth edition of /ed %at 'inu0 operating system. I
downloaded and installed the -indows XP operating system version. After the
installation, I found the whole (it !y part of the user guide, migration scripts and
practical tools and other components.
"he use of migration tool from PIX firewall to ASA is really very simple. 2ou should
provide a source location and a target location when starting. Source location can !e
an active device +already powered on and in operation,, you can also save the
configuration file on your hard drive. If you need to e0it the active device, then you
need to enter a similar https# 33 IP address 3 configured networ( address to save the
configuration information to a !lan( configuration profile and the target position is
the place to save local migration profiles.
After configuring the location of the target and source files, you can use this tool to
scan configuration. "he ne0t step is to determine the specific type of device, !ecause
it is the only way to go on the entire tool. It !elongs to the Cisco ASA 4455 Series
firewalls, such as ASA 55056 55106 55206 55506 55806 -hat (ind of license it has
!een adopted6
%ere I chose an enhanced version of the licensing agreement ASA 4454 and converted
the 7thernet interface defaulted !y PIX to virtual 'A8 interface of ASA.
"he result after operation is shown as !elow#
Set target configuration for ASA. 2ou can create this configuration after a few
seconds, shown as !elow.
8e0t, you can clic( and view the target configuration, !rowse the newly generated
ASA configuration file. 2ou can find its contents as shown as !elow. "his is the new
ASA converted configuration file. 8ot for that, you can even find that it adopts a
strategy map to replace the fi0up command.
#ore information on Cisco ASA $$%% Series firewalls
"he Cisco ASA 4455 Series firewalls helps organi&ations to !alance security with
productivity. It com!ines the industry.s most deployed stateful inspection firewall
with comprehensive ne0t:generation networ( security services.
As a leading Cisco ASA5500 firewa supplier, &Anetwor' (eeps a huge stoc( of
Cisco ASA4454 ASA4415 ASA4495 ASA44;5 firewalls. In many cases, we can
deliver ASA firewalls in 9 !usiness days at very good price and we can ship to
