
ASA to FTD migration tool

seegomaa

Hello All,

I'm trying to convert an ASA configuration file to FTD but am getting the below error on FMC virtual:

Error

Invalid ASA configuration file! Please pass a valid file.

I'm following the Cisco guide. I installed FMC virtual on VMware and am trying to upload the ASA configuration to convert it, but I'm stuck at the upload package step. The ASA configuration file is .txt and the ASA version is 9.2.

I have to do this for multiple sites. Also, enabling logging on all 300 rules is a manual process; I think no tool helps with this. Logging is also required to see the logs at FMC.

Wondering why the Cisco migration tool is not doing this ...

You can use the FMC REST API to update the configuration of multiple ACP rules. I frequently use it to enable logging for all ACP rules missing the logging configuration.

Hey Mate,

Thanks for the reply.

Are you able to share steps or documents that can help me with this, telling me how to use the REST API for this configuration?

Also, do you have any Python script that can help to clean up the ASA configuration?

If you are interested, I wrote a blog post yesterday on how to use the FMC REST API. I created a small script to enable syslog alerts for access-control-policy rules. You can find it here: http://dependencyhell.net/2017/08/27/Automating-ACP-Bulk-Changes/

In case anything is unclear, let me know.

P.S. What do you mean by cleaning up the ASA configuration? What is it that you want to clean up?

Regards,
Oliver

I was having the same issue, contacted TAC, tried the following things, and it worked:

Removed any header and trailer contents on the running config output, as I have seen this in the past.

The file looked like the example below:

ASA Version 9.4(2)11 

hostname CPXXXXXXXXX 

domain-name cisco.com 

… 

prompt hostname state priority 

no call-home reporting anonymous 

Cryptochecksum:a3a5cbd25d6xxxxxxxxxxd7ae9522691

Also make sure the ASA configuration file is not encoded in an unsupported format, as only UTF8 is supported (for me it worked in ANSI mode).

Hope it helps.

This did the trick for me - Thanks

Tip: "ASA Version" needs to be at the top in the document - no carriage return or line breaks before it.
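The clean-up described in the posts above (drop header and trailer content, keep "ASA Version" as the very first line, save in a supported encoding), as an added example that is not part of any post in this thread and not Cisco's tooling. The function names, the sample hostname and checksum, and the choice of LF line endings on output are assumptions.

```python
import codecs

# Constructed sample capture: UTF-8 BOM, CLI prompt and ": Saved" header,
# ": end" trailer, CRLF line endings. Hostname and checksum are made up.
SAMPLE = (codecs.BOM_UTF8 +
          b"fw-example# show running-config\r\n: Saved\r\n:\r\n"
          b"ASA Version 9.4(2)11 \r\n!\r\nhostname fw-example\r\n"
          b"no call-home reporting anonymous\r\n"
          b"Cryptochecksum:00000000000000000000000000000000\r\n"
          b": end\r\nfw-example# \r\n")

def decode_capture(raw: bytes) -> str:
    """A BOM decides the codec; otherwise try UTF-8, then ANSI (cp1252)."""
    for bom, codec in ((codecs.BOM_UTF8, "utf-8"),
                       (codecs.BOM_UTF16_LE, "utf-16-le"),
                       (codecs.BOM_UTF16_BE, "utf-16-be")):
        if raw.startswith(bom):
            return raw[len(bom):].decode(codec)
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("cp1252", errors="replace")

def trim_asa_config(raw: bytes) -> bytes:
    """Keep 'ASA Version' through the last 'Cryptochecksum:' line, as UTF-8."""
    lines = decode_capture(raw).splitlines()
    start = next((i for i, line in enumerate(lines)
                  if line.startswith("ASA Version")), None)
    if start is None:
        raise ValueError("no line starts with 'ASA Version'")
    # Without a checksum line, keep everything after the start line.
    end = max((i for i, line in enumerate(lines)
               if i > start and line.startswith("Cryptochecksum:")),
              default=len(lines) - 1)
    # Assumption: LF line endings and no BOM on output.
    return ("\n".join(lines[start:end + 1]) + "\n").encode("utf-8")

if __name__ == "__main__":
    print(trim_asa_config(SAMPLE).decode("utf-8"), end="")
```

Write the returned bytes to a new file in binary mode so the editor or shell does not add a BOM or change the encoding again.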

I am also planning to upgrade my ASA 5520 to a Firepower appliance. Can anyone please advise whether we can create sub-interfaces on Firepower?
My firewall has many sub-interfaces under FE0/1.
Will the tool automatically convert the ASA configuration to an FTD-compatible script, including sub-interface details?
Regards,
Saurabh

Are you planning to upgrade to FTDs?

If so, the tool would not help you create interfaces.

You need to create the interfaces/sub-interfaces on your own; this has to be done at FMC once you have your FTDs registered.

The tool is only helpful for migrating firewall rules; you need to tune the existing rules before uploading the configuration to the FMC tool.

Let me know if you have any questions. I have done this in the past and would be able to guide/help.

You can create sub-interfaces on the Firepower.

The script will just help you convert the firewall policies. Any other settings, including interface creation, need to be done manually.