Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
996
Views
0
Helpful
3
Replies

Two ASA migration to Firepower

Go to solution
Antonio Macia
Level 3
Level 3

‎11-07-2018 10:05 AM - edited ‎03-12-2019 07:04 AM

Hello,

 

My customer wants to consolidate two ASAs in one high-end Firepower appliance. I've successfully done one-to-one ASA to Firepower migrations in the past and for this case, I wanted to do the trick of consolidating both ASA configuration into one single configuration file. For that I took the relevant configurations which are interfaces, objects, groups and ACLs.

The process works fine but at some point it returns a UTF-8 conversion error, so seems that the trick doesn't work.

 

Wondering if could be possible to import the secondary ASA configuration in Firepower without overwriting the existing Firepower config. Like appending the new interfaces and objects.

 

Regards.

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Abheesh Kumar
VIP Alumni
VIP Alumni

‎11-07-2018 11:12 AM

Hi Antonio,

I have did this same for one customer, manually merge both the configurations (object-groups, ACL, NAT, Access-group) into a single file and did the conversion with FMC migration tool (not the latest ASA to FTD migration tool). Only thing you need to manually configure the interfaces and routes in FMC as per the existing ASA. I have faced lot of issues with the new migration tool. 

If you have a temporary vFMC  then convert it to migration tool and upload the merged config file this will work like a charm.

 

HTH

Abheesh

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Abheesh Kumar
VIP Alumni
VIP Alumni

‎11-07-2018 11:12 AM

Hi Antonio,

I have did this same for one customer, manually merge both the configurations (object-groups, ACL, NAT, Access-group) into a single file and did the conversion with FMC migration tool (not the latest ASA to FTD migration tool). Only thing you need to manually configure the interfaces and routes in FMC as per the existing ASA. I have faced lot of issues with the new migration tool. 

If you have a temporary vFMC  then convert it to migration tool and upload the merged config file this will work like a charm.

 

HTH

Abheesh

0 Helpful

Go to solution
Antonio Macia
Level 3
Level 3
In response to Abheesh Kumar

‎11-08-2018 03:52 AM - edited ‎11-08-2018 03:53 AM

Thanks Abheesh, good to know that someone was successful on doing the same. I managed to fix the issue with the encoding. I will let you know.

 

Regards.

0 Helpful

Go to solution
Antonio Macia
Level 3
Level 3
In response to Antonio Macia

‎11-13-2018 01:36 AM

For anyone interested, the procedure worked. Since I was consolidating a couple of existing firewalls on the same organization many objects were duplicated and I have to employ a Python script to remove the duplicates prior to run the migration tool.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card