Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
645
Views
0
Helpful
5
Replies

Juniper to Cisco ASA

shubhamkulkarni39
Level 1
Level 1

‎07-02-2015 02:55 AM - edited ‎03-11-2019 11:12 PM

Hey, 

 

can Anyone Guide me for Juniper to Cisco ASA 

 

 

Thanks

Labels:
0 Helpful
5 Replies 5

Ji-Won Park
Level 1
Level 1

‎07-04-2015 01:23 PM

Hi,

FW migration is tough, that's why lots of companies engage third party to provide PS.

You have to look into lots of features of the firewall - I personally never did Juniper to ASA, but have done Fortinet, Palo Alto, ASA, Checkpoint.

 

1. Interfaces & Routing

2. objects & NAT

3. VPN (site-to-site & remote)

4. Additional Features

 

You have to start with internet functionality which is related to your interfaces, routing, objects, and NAT. Once you finish doing those, you can start VPN configuration and testing. I normally prepare one L3 switch to simulate inside and outside of the network so you can actually simulate VPN connectivity including remote access. Once you finish VPN, you get into additional features that are specialized in different vendors. At this moment, you would be looking at FirePOWER service with ASA to provide NGFW functionality (URL, Malware, IPS).

 

Hope it helps.

g1

0 Helpful

shubhamkulkarni39
Level 1
Level 1
In response to Ji-Won Park

‎07-05-2015 01:01 AM

Thanks JI won park ,

 

I think in fw migration , NAT and policies are very happy important, in my case juniper config is totally different, so what are the best practices for successful migration?

0 Helpful

Ji-Won Park
Level 1
Level 1
In response to shubhamkulkarni39

‎07-05-2015 03:35 AM

Configuration is different across all different vendors. The best practice is to follow the guideline I provided.

g1

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to shubhamkulkarni39

‎07-06-2015 01:25 PM

Hello,

 

As mentioned by Ji Won Park the configuration is way different on both units.

 

My recommendation is to start moving the interface configuration (IP address information).

 

Once you have IP reachability work in the ACLs (This would be the Security Policies on the Juniper Side).

 

Last you can work on the NAT and if any VPN configuration.

 

You can leave the Specific Application Inspection Engine configuration for later as their way of working is way different.

 

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Mohamed Elbeshti
Level 1
Level 1

‎08-20-2016 06:19 AM

if you have configuration i will translate it to cisco 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card