06-20-2022 01:07 PM
Love the tool thus far but nothing is ever perfect so I hope to get some help here n there on some migration issues I come into. The one I have today is the attached screenshot. "
Error while pushing s2s vpn: Device interface doesn't support VPN."
Solved! Go to Solution.
06-20-2022 07:41 PM - edited 06-20-2022 07:41 PM
Hi, it looks to me like you just want to delete the FTD device and rebuild it again manually. No problems. Remember that the Policies created by you or the FMT will still remain, as will all the objects and groups in the Object Management tab. You can use these for your new FTD. This includes the interface group objects and zone objects.
If you want to run the FMT again, you can choose what you want to migrate from your ASA config but if you want to run the full FMT then manually deleting all the policies, objects and groups will be the best action, otherwise you may get duplicates. This shouldn't pose a problem as you'll select what you want to use but it's just messy.
Good luck.
06-20-2022 05:15 PM
You haven't mentioned what type of interface you're using but are you trying to create the s2s VPN on a sub-interface? The FMT doesn't do sub-interfaces so you'll need to create this manually.
06-20-2022 07:22 PM
Hey thuysmans when I went through the tool it just errored on the s2s tunnels. I'm not concerned with now but what I want to now do is delete the FTD from the FMC that I ran the tool against and pushed the config to so that I can run the tool again. Do I need to manually delete everything the tool brought over to the FMC like objects, NAT, ACP or will deleting the FTD from the FMC also remove any settings related to it.Thougts if you don't mind?I was thinking I could do some things then run the tool again but was thinking it might duplicate the existing objects from the first job run by the tool
06-20-2022 07:41 PM - edited 06-20-2022 07:41 PM
Hi, it looks to me like you just want to delete the FTD device and rebuild it again manually. No problems. Remember that the Policies created by you or the FMT will still remain, as will all the objects and groups in the Object Management tab. You can use these for your new FTD. This includes the interface group objects and zone objects.
If you want to run the FMT again, you can choose what you want to migrate from your ASA config but if you want to run the full FMT then manually deleting all the policies, objects and groups will be the best action, otherwise you may get duplicates. This shouldn't pose a problem as you'll select what you want to use but it's just messy.
Good luck.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide