Showing posts with label Cisco ASA. Show all posts

Friday, August 7, 2009

My Tractor Story (aka ASA)


This is my personal Tractor Story

Remember how my firewall died?
The next morning around 10am Fedex arrived with the new box.
I opened the box and wondered whether it was the hardware or the power cable. It was the hardware. A piece of hardware not even 2 years old just lost it.
I copied the config (finally all those tedious Cisco backups pay back!) and it looked fine. Easy. Maybe too easy.
I wanted to use this opportunity to upgrade my software version from 7.2(3) to 8.2(1) and also upgrade the ASDM (which is the GUI console for PIX/ASA). I usually avoid major changes in these situations, but how often do you get your production firewall offline for such a job?
Reading all about the upgrade, it looked like a straightforward upgrade where none of the configs would be affected. To make sure it was as easy as it looked, I called TAC and they told me the same thing: copy the software, reload, good to go. So I did.
Reloading the software was easy, quick and worked just fine. Would it be a short happy afternoon?
After hours arrived and it was time for switching. When I finished all adjustments on the network (remove the backup firewall, change back the D/G and cabling) I started testing with one of my out-of-network colleagues. She was happy about everything but the VPN.
I was looking and searching and found a few missing lines. Copying those lines prompted errors. So WTF is wrong? Took me a while to figure it out (how could I not remember? Because I only did it once when I bought the ASA and never again): the Activation Key was missing, hence all the Security Plus features didn’t work and the related config failed to load. Lost a few hours for the reminder.
At that point I had to reload all the missing configuration that now loaded like a charm. Line by line I got everything back to work and finished this task successfully.
The only thing I still do not understand is the way Cisco handles this. You guys do it every day with thousands of clients. When you send me a new box you know I’ll have to reload the Activation Key but, even more important, you know that the key I received with the original box will not work. Why don’t you automatically create a new key and email it so when the box is here I’ll be able to use it???

Wednesday, August 5, 2009

Cisco ASA just died

My firewall lost power around 1:30PM, an out-of-the-blue surprise...
Cisco already shipped a new firewall and, lucky me, I have my ISA proxy in a working condition just in case. So the case is here!!!
15 minutes later and we're up again via ISA.
Stop. Pray. Breathe.