ASA RAVPN ACL's manually migrating to FTD

Hi, 

I have manually migrated the RAVPN configuration from an ASA to FMC/FTD. 

Believe I have all of the configuration set up correctly; my main concern is around the ACLs which permit RAVPN user access throughout the network. The RAVPN users use a pool of 192.168.208.0/24. I wanted to know if these ACLs are migrated over by the FMT even though I did not select the RAVPN option during the FMT migration and parsing.

If no, what is the best way to identify all RAVPN ACLs that may be missing from the FTD configuration, and where can this be found on the ASA for comparison?

Update: I have identified several policies detailing 192.168.208.0/24 on the inside interface, so it looks like the RAVPN rules have been migrated even though the RAVPN option was not selected during migration. Is there anything else that needs to be added if these rules are already there?

Thanks!

4 Replies

balaji.bandi
Hall of Fame

I will compare the ACLs required by the remote access profiles and, if it is not a long list of ACLs, create them manually and test.

Some ACLs will be moved as part of the ACL migration when they are part of a normal ACL.

BB

@NetworkMonkey101 are you referring to the Access Control Policy? On FTD, by default, you need to explicitly permit VPN traffic in the Access Control Policy.

You should also check to ensure you have the relevant NAT exemption rules (if applicable), to ensure traffic is not unintentionally translated.
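
For the question of where to find these rules on the ASA for comparison, and for the point above that VPN traffic on FTD needs both explicit Access Control Policy rules and NAT exemption, here is an added example (not code from any poster in this thread) that scans a constructed ASA running-config excerpt for access-list and nat lines touching the RAVPN pool, whether the pool is written literally or through a network object. The pool and object names (RAVPN_POOL, RAVPN_NET, INSIDE_NET) and the sample rules are assumptions.

```python
import ipaddress
import re

# Constructed ASA running-config excerpt (not from the thread); pool/object names are assumed.
ASA_CONFIG = """\
ip local pool RAVPN_POOL 192.168.208.1-192.168.208.254 mask 255.255.255.0
object network RAVPN_NET
 subnet 192.168.208.0 255.255.255.0
object network INSIDE_NET
 subnet 10.1.1.0 255.255.255.0
access-list inside_access_in extended permit tcp 10.1.1.0 255.255.255.0 192.168.208.0 255.255.255.0 eq 3389
access-list inside_access_in extended permit tcp any host 10.1.1.5 eq 443
access-list vpn_filter extended permit ip object RAVPN_NET object INSIDE_NET
access-list vpn_filter extended deny ip any any
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static RAVPN_NET RAVPN_NET no-proxy-arp route-lookup
nat (inside,outside) source dynamic INSIDE_NET interface
"""

def pool_network(config):
    """Derive the RAVPN pool as a network from the 'ip local pool' line."""
    m = re.search(r"^ip local pool \S+ (\S+)-\S+ mask (\S+)", config, re.M)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)

def object_networks(config):
    """Map each 'object network NAME' to its subnet so named references resolve."""
    objects, current = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif current and line.startswith(" subnet "):
            _, net, mask = line.split()
            objects[current] = ipaddress.ip_network(f"{net}/{mask}", strict=False)
    return objects

def pool_references(config):
    """Return access-list and nat lines that touch the pool, literally or via an object."""
    pool = pool_network(config)
    names = {n for n, net in object_networks(config).items() if net.overlaps(pool)}
    hits = []
    for line in config.splitlines():
        if not line.startswith(("access-list ", "nat ")):
            continue
        toks = line.split()
        literal = any(re.fullmatch(r"\d+(\.\d+){3}", t)
                      and ipaddress.ip_address(t) in pool for t in toks)
        if literal or names & set(toks):
            hits.append(line)
    return hits
```

Run it over the output of `show running-config` from the ASA and check each hit against the migrated FTD Access Control Policy and NAT policy; a vpn-filter ACL or a NAT exemption that has no FTD counterpart is a gap to close.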

gopaks
Cisco Employee

Hi @NetworkMonkey101, from your post I see that the Firewall Migration Tool (FMT) was used for the ACL migration and not for the RAVPN migration. Any specific reason for migrating RAVPN manually and not using FMT? Knowing about any challenges seen while performing the RAVPN migration with FMT will help in making the tool better.

Also, please let us know the FMT version used for the migration.

Thanks!

Another thing I would check would be the certificates that have been tied to the outside interface for the RAVPN.
