ASA RAVPN ACLs manually migrating to FTD

Hi, 

I have manually migrated the RAVPN configuration from an ASA to FMC/FTD. 

I believe I have all of the configuration set up correctly; my main concern is around the ACLs which permit RAVPN user access throughout the network. The RAVPN users use a pool of 192.168.208.0/24. I wanted to know if these ACLs are migrated over by the FMT even though I did not select the RAVPN option during the FMT migration and parsing.

If not, what is the best way to identify all RAVPN ACLs that may be missing from the FTD configuration, and where can this be found on the ASA for comparison?

 

Update: I have identified several policies detailing 192.168.208.0/24 on the inside interface so it looks like the RAVPN rules have been migrated even though the RAVPN option was not selected during migration. Is there anything else that needs to be added if these rules are already there?

Thanks!

balaji.bandi
I will compare the remote access profile's required ACL and, if it is not a long list of ACLs, create it manually and test it.

Some ACLs will be moved as part of the ACL move when they are part of the normal ACL.

BB

@NetworkMonkey101 are you referring to the Access Control Policy? On FTD, by default, you need to explicitly permit VPN traffic in the Access Control Policy.

You should also check to ensure you have the relevant NAT exemption rules (if applicable), to ensure traffic is not unintentionally translated.
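
One way to approach the comparison asked about in this thread, as an added example (not posted by any participant and not Cisco tooling): a Python script that scans a saved ASA running configuration for network objects, `access-list` entries and twice-NAT `nat` lines that reference the RAVPN pool, so each can be checked against the FTD Access Control Policy and NAT exemption rules. The sample configuration and its object names are constructed; `range` objects and object NAT are not handled.

```python
import ipaddress
import re
# Overlapping "address mask" pairs, and "host address" literals, in ASA syntax.
PAIR = re.compile(r"(?=\b(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\b)")
HOST = re.compile(r"\bhost (\d+\.\d+\.\d+\.\d+)\b")

def overlaps(addr, mask, pool):
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False).overlaps(pool)
    except ValueError:  # the pair was not really address + netmask
        return False

def find_pool_references(config, pool_cidr):
    """Return objects, access-list lines and nat lines that touch the pool."""
    pool = ipaddress.ip_network(pool_cidr)
    lines = config.splitlines()
    names = set()  # network objects / object-groups that contain the pool
    def hits(text):
        return (any(overlaps(a, m, pool) for a, m in PAIR.findall(text))
                or any(overlaps(h, "255.255.255.255", pool) for h in HOST.findall(text))
                or bool(names & set(text.split())))
    changed = True
    while changed:  # repeat so nested object-groups resolve
        changed, current = False, None
        for line in lines:
            header = re.match(r"object(?:-group)? network (\S+)", line)
            if header:
                current = header.group(1)
            elif not line.startswith(" "):
                current = None
            elif current and current not in names and hits(line):
                names.add(current)
                changed = True
    return {"objects": sorted(names),
            "acl": [l for l in lines if l.startswith("access-list ") and hits(l)],
            "nat": [l for l in lines if l.startswith("nat ") and hits(l)]}
# Constructed sample configuration, not taken from the poster's firewall.
SAMPLE = """\
object network VPN-POOL
 subnet 192.168.208.0 255.255.255.0
object-group network REMOTE-USERS
 network-object object VPN-POOL
access-list OUTSIDE_IN extended permit ip object-group REMOTE-USERS 10.10.0.0 255.255.0.0
access-list OUTSIDE_IN extended permit tcp 192.168.208.0 255.255.255.0 host 10.10.5.20 eq 443
access-list INSIDE_IN extended permit ip 10.10.0.0 255.255.0.0 any
nat (inside,outside) source static any any destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup
"""
if __name__ == "__main__":
    print(find_pool_references(SAMPLE, "192.168.208.0/24"))
```

Each line it returns is a rule to look for in the migrated FTD policy; a rule that uses `any` for the VPN side will not be listed because it never names the pool.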