06-17-2017 08:56 AM - edited 03-12-2019 02:36 AM
Hello,
I would like to know about some features in Cisco ASA as compared to Juniper SRX.
The following Juniper configuration needs to be migrated to Cisco ASA. I am not getting how to migrate it to Cisco ASA.
1. HA configuration:
Example:
set groups node0 system host-name <name-node0>
set groups node1 system host-name <name-node1>
set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 0 node 1 priority 1
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/0 weight 255
#
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/1 weight 255
#
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/0 weight 255
#
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/1 weight 255
set interfaces <node0-interface-name> gigether-options redundant-parent reth0
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 192.168.1.1/2
2) Juniper Class of Service:
set class-of-service forwarding-classes
set class-of-service interfaces
set class-of-service scheduler-maps
set class-of-service schedulers
3) NAT: Juniper has no NAT configuration and static and source NAT configuration, but Juniper is a zone-based firewall.
One zone has 2 interfaces; when we convert to Cisco we need to apply NAT for every interface which is assigned to that zone,
but the NAT is shadowing because the source and destination addresses are the same and only the interfaces are different.
4) Firewall Filter: Juniper has filter policies which have multiple source addresses, from address and from port and from protocol,
then permit. An SNMP community is called in the firewall filter for SNMP access.
5) RPM: real-time Performance monitoring:
6) IP Monitoring: IP monitoring policy which matches RPM probe then prefer routes.
I have tried to search, but was not able to find anything relevant.
Please help me out if someone has done this.
Thanks
Shubham
06-18-2017 01:16 PM
1. Here is a guide of configuring active/standby failover - the most common type of ASA HA used. There are also VPN clusters, and clusters in general.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ha_active_standby.pdf
2. I don't know what Juniper class of service maps do.
3. I don't know. There is not enough information for me to understand how to help you.
4. These sound like plain access lists.
5. Use the ASDM for easy GUI monitoring.
6. This sounds like tracked routes. You can combine these with "ip sla" monitoring.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html
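The tracked-route approach from point 6, sketched as an added example that is not part of the reply above or of Cisco's documentation: on ASA the probe is defined with `sla monitor`, bound to a `track` object, and attached to the primary static route, which is the closest counterpart to an SRX RPM probe plus IP-monitoring policy. The interface names `outside` and `backup`, the object numbers, the timers and all addresses (documentation ranges) are assumptions.

```cisco
! Assumed topology (constructed for this example):
!   outside  next hop 198.51.100.1   primary path
!   backup   next hop 192.0.2.1      secondary path
!   203.0.113.10                     probe target reachable only via the primary path

! 1. ICMP echo probe, the role the RPM probe plays on the SRX.
!    timeout is in milliseconds, frequency in seconds.
sla monitor 10
 type echo protocol ipIcmpEcho 203.0.113.10 interface outside
 num-packets 3
 timeout 1000
 frequency 10
sla monitor schedule 10 life forever start-time now

! 2. Track object that follows the probe's reachability result.
track 1 rtr 10 reachability

! 3. Primary default route is installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1

! 4. Floating backup route: the higher administrative distance keeps it
!    out of the routing table until the tracked route is withdrawn.
route backup 0.0.0.0 0.0.0.0 192.0.2.1 254

! Verification after applying:
!   show sla monitor operational-state
!   show track
!   show route
```

Pick a probe target that is reachable only through the primary path, and remember that NAT and access rules must also exist for the `backup` interface or traffic will be dropped after the route fails over.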