apr911 wrote: » Its going to depend largely on your code base. 8.3 code for the ASA changes a lot of things that wont translate directly from the PIX. If the code is pre 8.3, most of your config should be easily entered into the ASA. Id copy of the config off the PIX as step 1 and when you get the ASA in, spend some time doing the base config. Get as much of the PIX config loaded on the ASA as you can and spend some time testing it before you put it online. If you have an available switch (or even some empty ports you can assign to a temp vlan) you should be able to do a fairly realistic function test... Just hook up the ASA outside interface to the switch and hook up a computer to the same switch. Create a static route on the computer pointing to the address you want to test and give it a go... Hope that helps!
dtlokee wrote: » PIX to ASA conversion tool is really for 6.x to 7.x upgrades where the command set was drastically changed. You don't need it for what you are doing. Downgrade the code on the new ASA to one that reasonably matches what's on your PIX (8.0.4 is available on the ASA so that will work). Take the existing configuration from the current PIX,
change the interface identifiers on it to match the new hardware and load it in. This will not work for any private key pairs you generated, and any signed certificates that you have based on those key pairs. If the key pair was marked as exportable when you generated it then you can export it (sftp or something like that) and then import back into the new ASA. If not marked as exportable you will need to make a new pair then get a new cert issues based on the new private key.
Once it's up and working then you can upgrade to 8.2(something) and then on to 8.4 if you like, I would avoid 8.3 if you can help it.
