Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1172
Views
5
Helpful
3
Replies

Firewall Migration Tool error

Go to solution
keithcclark71
Level 3
Level 3

‎06-20-2022 01:07 PM

Love the tool thus far but nothing is ever perfect so I hope to get some help here n there on some migration issues I come into. The one I have today is the attached screenshot. "

Migration Unsuccessful!

Error while pushing s2s vpn: Device interface doesn't support VPN."

pushFailedforS2sVPN.jpg

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rhuysmans
Level 1
Level 1

‎06-20-2022 07:41 PM - edited ‎06-20-2022 07:41 PM

Hi, it looks to me like you just want to delete the FTD device and rebuild it again manually. No problems. Remember that the Policies created by you or the FMT will still remain, as will all the objects and groups in the Object Management tab. You can use these for your new FTD. This includes the interface group objects and zone objects.

If you want to run the FMT again, you can choose what you want to migrate from your ASA config but if you want to run the full FMT then manually deleting all the policies, objects and groups will be the best action, otherwise you may get duplicates. This shouldn't pose a problem as you'll select what you want to use but it's just messy.

Good luck.

View solution in original post

3 Replies 3

Go to solution
rhuysmans
Level 1
Level 1

‎06-20-2022 05:15 PM

You haven't mentioned what type of interface you're using but are you trying to create the s2s VPN on a sub-interface?  The FMT doesn't do sub-interfaces so you'll need to create this manually.

0 Helpful

Go to solution
keithcclark71
Level 3
Level 3
In response to rhuysmans

‎06-20-2022 07:22 PM

Hey thuysmans when I went through the tool it just errored on the s2s tunnels. I'm not concerned with now but what I want to now do is delete the FTD from the FMC that I ran the tool against and pushed the config to so that I can run the tool again. Do I need to manually delete everything the tool brought over to the FMC like objects, NAT, ACP or will deleting the FTD from the FMC also remove any settings related to it.Thougts if you don't mind?I was thinking I could do some things then run the tool again but was thinking it might duplicate the existing objects from the first job run by the tool 

0 Helpful

Go to solution
rhuysmans
Level 1
Level 1

‎06-20-2022 07:41 PM - edited ‎06-20-2022 07:41 PM

Hi, it looks to me like you just want to delete the FTD device and rebuild it again manually. No problems. Remember that the Policies created by you or the FMT will still remain, as will all the objects and groups in the Object Management tab. You can use these for your new FTD. This includes the interface group objects and zone objects.

If you want to run the FMT again, you can choose what you want to migrate from your ASA config but if you want to run the full FMT then manually deleting all the policies, objects and groups will be the best action, otherwise you may get duplicates. This shouldn't pose a problem as you'll select what you want to use but it's just messy.

Good luck.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card