https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206394#M859533 <HTML><HEAD></HEAD><BODY><P>Paul</P><P></P><P>Firstly with sincere apologies to all Perl programmers :-), i have knocked up a quick script that will convert IOS acl to FWSM/Pix/ASA format eg. </P><P></P><P>Input = </P><P></P><P>access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23</P><P>access-list 101 permit udp 192.168.20.0 0.0.0.31 eq 23 172.16.5.0 0.0.0.255</P><P>access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255</P><P>access-list 101 permit ip 192.168.17.128 0.0.0.127 172.16.10.0 0.0.0.255</P><P>access-list 101 permit ip 172.16.5.0 0.0.0.31 host 172.16.5.2</P><P></P><P>Output = </P><P></P><P>access-list outside_access_in permit tcp 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.248 eq 23 </P><P>access-list outside_access_in permit udp 192.168.20.0 255.255.255.224 eq 23 172.16.5.0 255.255.255.0 </P><P>access-list outside_access_in permit ip host 192.168.10.1 172.31.12.0 255.255.248.0 </P><P>access-list outside_access_in permit ip 192.168.17.128 255.255.255.128 172.16.10.0 255.255.255.0 </P><P>access-list outside_access_in permit ip 172.16.5.0 255.255.255.224 host 172.16.5.2 </P><P></P><P></P><P>It only works with IOS acl's of format </P><P></P><P>access-list <ACL number=""> permit ....</ACL></P><P></P><P>but i suppose it could be modified to also include extended acl's. It's a very quick and dirty script and i haven't exactly tested it extensively but if you have huge acl's it may be worth a try. </P><P></P><P>Hopefully you are familiar with Perl. If not you can get a copy for windows from Activestate (www.activestate.com). Linux/Unix should already have it installed.</P><P></P><P>Script attached. Obviously this comes with no guarantees so use with discretion !</P><P></P><P>** Edit - sorry should explain. Script will read in a file containing an IOS access-list and will output to the screen the new FWSM access-list. **</P><P></P><P>Jon</P></BODY></HTML> Thu, 04 Jun 2009 10:59:40 GMT Jon Marshall 2009-06-04T10:59:40Z https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206392#M859531 <P>Is there a tool to convert IOS ACL to FWSM format ?</P><P>i.e. conversion of wildcard masks to appropriate subnet mask</P> Mon, 11 Mar 2019 15:39:23 GMT https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206392#M859531 p.brand 2019-03-11T15:39:23Z https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206393#M859532 <HTML><HEAD></HEAD><BODY><P>I have not been able to find an app, but what I do is use a text editor (my favorite is UltraEdit) and do a search and replace. Search for 255.255.255.248 and replace with 0.0.0.7. Clunky, but it works.</P><P></P><P>Hope that helps.</P></BODY></HTML> Wed, 03 Jun 2009 14:58:33 GMT https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206393#M859532 Collin Clark 2009-06-03T14:58:33Z https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206394#M859533 <HTML><HEAD></HEAD><BODY><P>Paul</P><P></P><P>Firstly with sincere apologies to all Perl programmers :-), i have knocked up a quick script that will convert IOS acl to FWSM/Pix/ASA format eg. </P><P></P><P>Input = </P><P></P><P>access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23</P><P>access-list 101 permit udp 192.168.20.0 0.0.0.31 eq 23 172.16.5.0 0.0.0.255</P><P>access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255</P><P>access-list 101 permit ip 192.168.17.128 0.0.0.127 172.16.10.0 0.0.0.255</P><P>access-list 101 permit ip 172.16.5.0 0.0.0.31 host 172.16.5.2</P><P></P><P>Output = </P><P></P><P>access-list outside_access_in permit tcp 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.248 eq 23 </P><P>access-list outside_access_in permit udp 192.168.20.0 255.255.255.224 eq 23 172.16.5.0 255.255.255.0 </P><P>access-list outside_access_in permit ip host 192.168.10.1 172.31.12.0 255.255.248.0 </P><P>access-list outside_access_in permit ip 192.168.17.128 255.255.255.128 172.16.10.0 255.255.255.0 </P><P>access-list outside_access_in permit ip 172.16.5.0 255.255.255.224 host 172.16.5.2 </P><P></P><P></P><P>It only works with IOS acl's of format </P><P></P><P>access-list <ACL number=""> permit ....</ACL></P><P></P><P>but i suppose it could be modified to also include extended acl's. It's a very quick and dirty script and i haven't exactly tested it extensively but if you have huge acl's it may be worth a try. </P><P></P><P>Hopefully you are familiar with Perl. If not you can get a copy for windows from Activestate (www.activestate.com). Linux/Unix should already have it installed.</P><P></P><P>Script attached. Obviously this comes with no guarantees so use with discretion !</P><P></P><P>** Edit - sorry should explain. Script will read in a file containing an IOS access-list and will output to the screen the new FWSM access-list. **</P><P></P><P>Jon</P></BODY></HTML> Thu, 04 Jun 2009 10:59:40 GMT https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206394#M859533 Jon Marshall 2009-06-04T10:59:40Z https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206395#M859535 <HTML><HEAD></HEAD><BODY><P>Apologies, here is the attachement.</P><P></P><P> </P><P></P></BODY></HTML> Thu, 04 Jun 2009 11:02:06 GMT https://community.cisco.com/t5/network-security/ios-acl-to-fwsm-format-conversion-tool/m-p/1206395#M859535 Jon Marshall 2009-06-04T11:02:06Z