Re: Cisco FTD ConfigurationMigration

Amit Singh2000 · ‎03-22-2020

Hi Team

Could you please help me find a solution, unfortunately i couldn't find a similar use case on the internet. I am sure someone in this forum has done this and i would like to understand the configuration migration process.

Here is the scenario.

We have a customer running Cisco FMC version 6.4.X running on Vmware and a single device Cisco ASA5561-X with FTD image version 6.4.X managed by the FMC.

The customer has decided to buy Two 1140 FTD appliances and run A/S HA. We have to migrate the configuration from Cisco 5516-X to Cisco FTD1140 running exact same version 6.4.X

I tried to the new push and get feature, its doesn't move all the configuration. Is there a simple and easy way to move all the configuration that's loaded on Cisco 5516-X to Cisco FTD version 1140 ?

Some of the configurations that's part of the current config is

1) Sub-interface for Outside interface, we have TWO ISP connections.

2) Remote access VPN

3) 20 odd NAT rules.all associated with IP's and not with physical interface.

4) BGP cofniguration

5) Approximately 100 Rules.

i will hate it if i have to manually move all of this and no easy way exists.

Thanks in advance .

Regards

Amit

Rob Ingram · ‎03-22-2020

Hi,
If the new FP1140 devices are going to be managed by the same FMC that the 5516 is, then you just need discover the FP1140, apply the interface and routing configuration. You can then apply the same NAT Policy, ACP and Remote Access VPN configuration that you currently use on the 5516.

HTH

Marvin Rhoads · ‎03-22-2020

What @Rob Ingram said. The ACP, NAT and VPN bits can be associated with the new device pair.

You will usually need to redo the certificate on the new devices (unless you generated the CSR separate from the old ASA running FTD).

Interface bits and the routing will need to be reconfigured manually.