01-22-2020 05:49 AM - edited 02-21-2020 09:51 AM
Hello
I am about to migrate a Cisco ASA (Active Standby Cluster) to Firepower.
My ASA Cluster has L2L VPN Tunels (Policy based and Route Based) and Extended ACL's applied to different interfaces for Multiple Clients Traffic.
I am looking for Best Practices to do this migration so that it will have no impact on Production
Any Help here would be much appreciated.
Thanks
Ravi
Solved! Go to Solution.
01-29-2020 11:28 AM
01-22-2020 06:00 AM
Hi,
Have a look at the Firepower Migration tool, this will assist in migrating from ASA to Firepower.
https://www.cisco.com/c/en/us/products/security/firewalls/firepower-migration-tool.html
Beware FTD does NOT currently support route based VPNs, you can only use policy based.
HTH
01-24-2020 08:09 AM
When you say it doesn't support Route based VPN, do you mean the Migration Tool doesn't support the route based VPN or the firewall itself doesn't support route based VPN
01-24-2020 08:27 AM
01-29-2020 06:43 AM
Is it Possible to Migrate the ASA code to Firepower without converting the ASA code to the Firepower code. Like a Cisco Firepower with ASA code
01-29-2020 06:50 AM
01-29-2020 10:55 AM
So if run the ASA code then that migration is pretty easy or is there any limitations for that as well? or any compatibility issues
01-29-2020 11:05 AM
01-29-2020 11:23 AM
Thank you
This means there won't be any kind of configuration changes correct?
01-29-2020 11:28 AM
01-29-2020 12:54 PM
The Physical Interface Code for ASA will be changed to FXOS code.
The rest will be the same
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: