We bought the Firepower 1010 with ASA image.
And old asa is 5512.
Is it possible to move the config old asa 5512 to Firepower 1010 with asa image?
If yes what is the conditional?
I tried it, every configuration command wrote to the Firepower cli, everthing worked but somebody connect cisco anyconnect vpn to the firewall not reach the Internet.
The Firewall reached the internet.
Every NAT rule will be copied and acces list.
I compare the 2 configuration files (ASA and Firepower with asa image) and is is the same.
But no internet.
Do you thing what will be the problem or what do i shoild to check?
The vpn client got every route.
in the notebook the print route output was good but no internet!
A Firepower device using an ASA image should function the same as an ASA 5512 as long as the image versions are the same or at least compatible. The latest version available for the ASA 5512-X was 9.12(X) according to Cisco.
However, the 5512 is indeed old, so if you have an older ASA version 8.2 or older, the packet flow is different and affects the way in which NAT, as well as encryption for VPNs, occurs.
Otherwise, you will have to do some more troubleshooting to see where and why packets over the VPN are being dropped. An excellent tool to use to help you out is the ASA packet tracer feature. You can learn more about it here: