
ASA5525 import/migrate NAT rules to Secure Firewall 3100

Ced W
Level 1

Hi,
I am charged with replacing our ASA 5525 with a Secure Firewall 3100. The current ASA is bloated with a lot of dated configuration. However, I have managed to consolidate the NAT rules, but there are still a lot. How do I copy/paste the NAT from ASA5525 to Firewall 3100 using the ASDM ...? I have looked through the backup settings and NAT rules aren't specifically called out to back up solo. I am using the ASDM because this is a federally regulated device. The export function seems to be broken within ASDM. It will not even let me export a single NAT rule; when I open the exported Excel file, it is empty.

Both devices are running ASDM 7.18(1)152.

P.S. Is there also an easy option to port over access rules, network/service objects ...? Thank you


ccieexpert
Level 1

I assume you are using FTD and not the ASA codebase. If you are using FMC, then you can use the Firewall Migration Tool to migrate the config. The majority of the config can be migrated over.

ASA to FTD managed via FMC:

https://www.cisco.com/c/en/us/products/security/secure-firewall-migration-tool/index.html

ASA to FTD using FDM/CDO:

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide-CDO/ASA2FTD_Using_CDO/ASA2FTD_with_FP_Migration_Tool_cdo_chapter_011.html

https://www.cisco.com/c/en/us/products/security/secure-firewall-migration-tool/index.html

Marvin Rhoads
Hall of Fame

Definitely use the Firewall Migration Tool as suggested by @ccieexpert. It will do 90% or more of the work for you and minimize human error.

Ced W
Level 1

No guys, I am not using FTD. While I have a good understanding of route/switch, I am new to firewalls, at least implementation of firewalls. I was going through the guide on which application and managers to use, but somehow I ended up implementing the ASDM and not utilizing FTD. I would like to use FTD though, simply because we don't like it and want to use as much of the firewall's capabilities as possible.
