01-29-2020 03:36 PM - edited 02-21-2020 09:52 AM
This topic is a chance to clarify your questions about the best practices and required elements to migrate your Cisco Adaptive Security Appliance (ASA) to Firepower Threat Defense (FTD).
Because of the continuous evolution of cybersecurity threats, it is always important to stay updated and protected. Firepower Threat Defense (FTD) is a next-generation firewall that is able to respond to existing or unknown threats. Its firewall features include access control through network conditions, user names, ports, inclusive applications or protocols, and the ability to establish VPN remote access or inter-site communication.
To participate in this event, please use the button below to ask your questions
Ask questions from Wednesday 29th of January to Friday 14th of February, 2020
**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions
01-30-2020 12:35 PM
Since there is a dedicated Win/Mac based migration tool that appears in all respects much more complete than the old FMCv based migration process, I assume that the migration tool based version is currently considered "best practise". Can you confirm that? Also is the FMCv based migration process going to be supported in addition to the migration tool going forward?
Thanks
02-07-2020 12:03 PM
Hi Steve,
Thanks for using our Cisco Community. Yes, as of now, both procedures are supported but as you mentioned the Migration tool is the best practice to migrate ASA to FTD.
Additional reference:
https://www.cisco.com/c/en/us/products/security/firewalls/firepower-migration-tool.html
https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool.html
I hope this information helps,
Osvaldo G.
02-07-2020 03:23 PM
02-03-2020 05:35 AM
Hi ,
Migration from ASA to FTD was fine, however for site to site VPN, we have to create the NATing and access rule manually and also no VPN status view.
kindly advise.
regards
02-07-2020 12:07 PM
Hi Ashley,
Thanks for contacting our Cisco Community. I'm not sure about what type of Site-to-site you have, if it's with certificates, IKEv1 or IKEv2. Nevertheless here is some helpful information that you can use to migrate this type of configuration:
Also, if you need additional information, you can take a look at the section "Related Documentation" in the following link:
Hope this helps you,
Osvaldo G.
07-29-2020 09:47 PM
i have check the link you sent, it's a guide how to migrate and configure it manually, nothing like automatic migration, will it be possible in future version of the migration tool.
Thanks
02-08-2020 05:54 AM
We bought 2xFTD 2100 series to replace our ASA 5545. we are heavily based site-to-site vpn with ikev2 cert based. my question is in order to move from ASA to FTD can we use the migration tool to convert our ASA ikev2 configuration to FTD or we have to manually create one by one ikev2 cert vpn?
we plan to deploy the FTD in active passive mode. any recommendation is highly appreciated.
02-19-2020 03:43 AM
Hi Sheraz,
Thanks for using our Cisco Community. For this type of migration I strongly recommend to follow this guide:
Migrating ASA to Firepower Threat Defense Site-to-Site VPN Using IKEv2 with Certificates
I hope you find it useful.
Have a great day!
Osvaldo G.
07-29-2020 03:36 PM
Hi Osvaldo Im just wondering if you could shine some light on my case. Im in the middle of a migration from an ASA 5585 to a FTD-2130 the ftd will be my DR site and some applications are using the self singed certificate of the ASA. My question is : can I migrate the self signed certificate of the Asa to the Ftd, even thou when the hostname and IP address will be diferent in my ftd? If that is possible should I import the self singed as a pcks12 file and installing in the FTD? I hope you can answer my question.
Thank you very much!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide