Re: [fw-wiz] Move configuration from 5510 to 5520



Jens Brey wrote:
does anyone knews a way, to move the configuration from a Cisco ASA 5510
to 5520 without the need to set all passwords new?
I think the problem is the device internal salts which are used to crypt
all the passwords/pre-shared-keys.
Is there any possibilty to extract this salts and set them on the other
device?

I'm not aware of this limitation. I have a basic template that I use
for setting up new firewalls which includes my standard enable password
and local users. The passwords are encrypted and they have always
worked when I moved them from one device to another or my template to a
new device.

You should try moving the passwords over to the new box (cut n' paste)
and see if they still work. Then the rest of the config should be easy.

-Josh
--
Josh Ward <jward@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Network Security Engineer - University of Oregon - Network Services
P. 541.346.1651 F. 541.346.4397
U of O Security Hotline: 541.346.5837
PGP Fingerprint: CFB6 62C0 370B AD6D BA33 6034 8FFB 4A49 297F 6A4C
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Move configuration from 5510 to 5520
    ... With the cut&paste way i first tried i had problems (maybe some invisible characters from Dos to Linux conversion or something like this). ... vbwilliams@xxxxxxxxxx schrieb: ... to move the configuration from a Cisco ASA 5510 to 5520 without the need to set all passwords new? ... I think the problem is the device internal salts which are used to crypt all the passwords/pre-shared-keys. ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Move configuration from 5510 to 5520
    ... does anyone knews a way, to move the configuration from a Cisco ASA 5510 to ... 5520 without the need to set all passwords new? ... I think the problem is the device internal salts which are used to crypt ...
    (Firewall-Wizards)
  • [fw-wiz] Move configuration from 5510 to 5520
    ... to move the configuration from a Cisco ASA 5510 to 5520 without the need to set all passwords new? ... I think the problem is the device internal salts which are used to crypt all the passwords/pre-shared-keys. ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Move configuration from 5510 to 5520
    ... Saving the configuration to a TFTP server will make all the passwords appear...either hashed or in plain text. ... I think the problem is the device internal salts which are used to crypt ...
    (Firewall-Wizards)