03-28-2017 03:12 AM - edited 02-21-2020 06:02 AM
Hello All,
I'm trying to convert an ASA configuration file to FTD but am getting the below error on FMC virtual:
Invalid ASA configuration file! Please pass a valid file.
I'm following the Cisco guide. I installed FMC virtual on VMware and am trying to upload the ASA configuration to convert it, but I'm stuck at the upload package step. The ASA configuration file is .txt and the ASA version is 9.2.
07-20-2017 10:06 PM
I have to do this for multiple sites. Also, enabling logging on all 300 rules is a manual process; I think no tool helps with this. Logging is also required to see the logs at FMC.
Wondering why the Cisco migration tool is not doing this ...
08-24-2017 01:51 PM
You can use the FMC REST API to update the configuration of multiple ACP rules. I frequently use it to enable logging for all ACP rules missing the logging configuration.
08-27-2017 07:07 PM
Hey Mate,
Thanks for the reply.
Are you able to share steps or documents that can help me with this, telling me how to use the REST API for this configuration?
Also, do you have any Python script that can help to clean up the ASA configuration?
08-28-2017 11:58 AM - edited 08-28-2017 11:59 AM
If you are interested, I wrote a blog post yesterday on how to use the FMC REST API. I created a small script to enable syslog alerts for access-control-policy rules. You can find it here: http://dependencyhell.net/2017/08/27/Automating-ACP-Bulk-Changes/
In case anything is unclear let me know.
P.S. What do you mean by cleaning up the ASA configuration? What is it that you want to clean up?
regards
Oliver
06-14-2017 08:14 AM
I was having the same issue, contacted TAC, tried the following things and it worked:
Removed any header and trailer contents on the running config output, as I have seen this in the past.
The file looked like the example below:
ASA Version 9.4(2)11
!
hostname CPXXXXXXXXX
domain-name cisco.com
…
prompt hostname state priority
no call-home reporting anonymous
Cryptochecksum:a3a5cbd25d6xxxxxxxxxxd7ae9522691
Also make sure the ASA configuration file is not encoded in an unsupported format, as only UTF8 is supported (for me it worked in ANSI mode).
Hope it helps.
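The clean-up described in the post above (keep only the lines from "ASA Version" through "Cryptochecksum:" and save the file as UTF-8), as an added Python example; it is not from the thread or from Cisco. The function names, the UTF-16 handling and the sample capture are assumptions constructed for illustration.

```python
import codecs

START = "ASA Version"     # first line of the config, per the example in the post
END = "Cryptochecksum:"   # last line of the config, per the example in the post

def decode_config(raw: bytes) -> str:
    """Decode a saved config: UTF-8 (with or without BOM) or UTF-16 with BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    # Anything that is not valid UTF-8 raises UnicodeDecodeError here,
    # which flags the file for manual re-saving instead of guessing.
    return raw.decode("utf-8-sig")

def trim_asa_config(raw: bytes) -> bytes:
    """Return only 'ASA Version' .. 'Cryptochecksum:' as UTF-8 without BOM."""
    lines = decode_config(raw).splitlines()
    starts = [i for i, ln in enumerate(lines) if ln.startswith(START)]
    ends = [i for i, ln in enumerate(lines) if ln.startswith(END)]
    if not starts or not ends or ends[-1] < starts[0]:
        raise ValueError("no 'ASA Version' ... 'Cryptochecksum:' block found")
    # Strip trailing whitespace only: leading indentation marks sub-commands.
    body = [ln.rstrip() for ln in lines[starts[0]:ends[-1] + 1]]
    return ("\n".join(body) + "\n").encode("utf-8")

# Constructed sample: a terminal capture with prompt lines around the config,
# saved as UTF-16 (what Windows Notepad calls "Unicode").
SAMPLE = (
    "fw01# show running-config\r\n"
    ": Saved\r\n"
    "ASA Version 9.4(2)11\r\n"
    "!\r\n"
    "hostname fw01\r\n"
    "no call-home reporting anonymous\r\n"
    "Cryptochecksum:00000000000000000000000000000000\r\n"
    ": end\r\n"
    "fw01# \r\n"
).encode("utf-16")

if __name__ == "__main__":
    print(trim_asa_config(SAMPLE).decode("utf-8"), end="")
```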
08-23-2017 10:39 AM
08-31-2017 04:43 AM
09-01-2017 01:20 AM
Are you planning to upgrade to FTDs?
If so, the tool would not help you to create interfaces.
You need to create the interfaces/sub-interfaces on your own; this has to be done at FMC once you have your FTDs registered.
The tool is only helpful to migrate firewall rules; you need to tune the existing rules before uploading the configuration to the FMC tool.
Let me know if you have any questions. I have done this in the past and would be able to guide/help.
10-30-2017 06:41 PM
You can create sub-interfaces on the Firepower.
The script will just help you to convert the firewall policies. Any other settings, including interface creation, need to be done manually.