Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
0
Helpful
2
Replies

ASA to FTD Migration

akash.tiwari
Level 1
Level 1

‎05-24-2021 07:37 PM

Dear Team,

Software Version

-ASA 5516X-9.9

-FTD(2140)-6.6

-FMC-6.6

-Migration Tool:2.3.5

Could you please help me out on below queries ?

-is SSL VPN or AnyConnect VPN is supported during Migration from ASA to FTD

-is SSL VPN's Object, NAT, ACL,certificates migrate ?

 

 

 

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎05-25-2021 12:41 AM - edited ‎05-25-2021 01:16 AM

@akash.tiwari 

It doesn't appear that you can currently migrate RAVPN settings. A list of supported migrated features is here

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/ASA2FTD-with-FP-Migration-Tool_chapter_0111.html

 

From your lsit can migrate objects, NAT, access-lists. You should be able to manually export the certificates from the ASA and import to the FMC. Example.

 

HTH

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Rob Ingram

‎05-25-2021 12:52 AM

You can export CA certificates but not generally identity certificate - that requires the device's private key to be usable.

I get the issuing CA to rekey the certificate based on either new CSR generated from FTD or one I generate from XCA. The latter is preferable so that I can combine the issued certificate with the private key and the certificate chain into FMC.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card