Replace a stand-alone ESA

Available Languages

Updated:September 2, 2014

Document ID:118368

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to replace an Email Security Appliance (ESA).

How to configure a stand-alone RMA Email Security Appliance?

Prerequisites

The old appliance and the new appliance MUST have the same exact AsyncOS version and build.
This only applies to a stand-alone appliance, not one that is in a cluster.
This document assumes the use of the Web Interface (GUI) for all steps.
For replacing an appliance in a cluster, please see article: Replace an ESA that is in a Cluster

Solution

Save the configuration from the old appliance to your local machine. From the GUI -> System Administration -> Configuration File -> Download file to local computer. Be sure to un-check the box "Mask passwords in the Configuration Files".
Get the new appliance up and running on your network. For access by Ethernet, connect to the Management Network Port. Use a browser to access the web-based interface on the default IP address 192.168.42.42 (username: admin, password: ironport). You can also access the command line interface by SSH or terminal emulation software on the same IP address. (The netmask is /24). For Serial access, connect to the Serial Port. Access the command line interface by a terminal emulator using 9600 bits, 8 bits, no parity, 1 stop bit (9600, 8, N, 1), flowcontrol = Hardware. Run the system set up wizard (SSW). If your old appliance is dead or already off the network, then you can use the same IP information. If your old appliance is still on the network, then give the new appliance a temporary IP address.
Check to make sure the new appliance is on the same version and build of AsyncOS. From the GUI -> Monitor -> System Status. If they are the same, move on to step 5. If they are not the same, continue to step 4.
If the appliances are not on the same build, upgrade the new appliance to match the version of the old one. From the GUI -> System Administration -> System Upgrade -> Available Upgrades. If you see it in the list, please select it. If it is not listed, the specific version may need to be provisioned by Cisco Support. Please contact before proceeding.
Note If the old appliance is at a version that is older than the replacement appliance, you will need to upgrade it (if possible) to match the new appliance.
Once the appliances are verified to be at the same version, load the configuration file to the new appliance. From the GUI -> System Administration -> Configuration File -> Load a configuration file from local computer.
If the configuration file loads without any errors, then you can proceed to decommission the old appliance and edit the IP settings of the new appliance as desired. From the GUI -> Network -> IP Interfaces. You may also need to edit the routing information as well (Network -> Routing).
If you get any errors when loading the new configuration file, you can try and edit the configuration file with an XML editor and look for the section that the error refers to. However, if you are not comfortable with this, please contact support.

Contributed by Cisco Engineers

Kenny Majoros and Enrico Werner
Cisco TAC Engineers.