Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
850
Views
0
Helpful
3
Replies

Converting ASA 5516-X that does everything to FPR-1100

RANT
Level 1
Level 1

‎04-27-2022 12:52 PM

My current 5516-X pair is acting as internet border, AnyConnect VPN headend, and IPSec VPN concentrator. Looking at converting to an FPR-1100 pair. If these are the only FW pair using FTD software, do I need the FMC software? Also, are there any guides out there for converting all of these functions from ASA to FTD code?

0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎04-27-2022 01:01 PM - edited ‎04-27-2022 01:23 PM

@RANT If using the FMC to manage the FTD you do get more supported features compared to if managed the FTD locally using FDM. What functionality of the RAVPN do you currently use? Of the top of my head, FDM does not currently support dynamic split tunnelling or a tunnelled default route for VPN traffic.

 

Here is a re-image guide https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html.... however you'd have to reconfigure the device from scratch. There is a migration tool if using FMC to manage the FTD, but there is none if using FDM. You can purchase a relatively cheap FMCv license to manage 2 devices.

0 Helpful

RANT
Level 1
Level 1
In response to Rob Ingram

‎04-27-2022 01:42 PM

So I'm not doing the dynamic split tunneling at the moment using FQDNs. I'm doing split tunneling using the standard ACL applied to the AnyConnect Connection profile.

0 Helpful

Rob Ingram
VIP
VIP
In response to RANT

‎04-27-2022 01:47 PM

@RANT fine, standard split tunnelling with FDM is supported.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card