04-19-2022 10:44 PM
I had an issue recently when attempting to migrate a 3250 HA pair (10.0.8-h4) to Panorama 10.1.3. I was able to complete the push and commit; however, anything that uses a password or secret, such as an IKE Gateway pre-shared key, didn't work. The resultant outage was significant, with over 100 IPSec VPNs configured, so I quickly reverted the 3250s to their original device state.
I suspected someone had set a new Master Key; however, that wasn't the case. I then compared the encrypted values for passwords and pre-shared keys between firewalls and Panorama and they were indeed different. I know Panorama 10.1.3 doesn't support firewalls running 10.1.0 - 10.1.2 (Panorama Admin Guide); however, I can't find official word that 10.0.X isn't supported either.
Downgrading isn't really an option as 10.0 becomes end of life in July this year, so the next step is trying the process again with an eval VM running 10.0.8-h4 loaded with very similar config to the 3250s and seeing if the same result occurs. Following on from that, I will upgrade Panorama and the VM to 10.1.5-h1 to see if the issue is resolved.
I have another 15 x 440s on Satellite links to migrate, so I need to make sure the process is error free.