Re: Looking for some guideline to Copy Site to Site VPN Config

MSJ1 · ‎07-04-2024

Looking for some guideline to Copy Site to Site VPN Config.

I have 100+ Site to Site VPN Topology Config which I need to move to another different FMC

Source FMC is a VM and Destination FMC is Hardware.

Is it possible I can use RESTAPI or Python to copy S2S VPN Topology Config and write it at Destination FMC

balaji.bandi · ‎07-05-2024

If they are same version, you can backup and restore on new FMC.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MSJ1 · ‎07-05-2024

@balaji.bandi You meant to restore FMC or FTD ? Note that in Destination FMC I have other Devices I am already managing.

balaji.bandi · ‎07-06-2024

i was suggesting thinking that brand new FMC, if you already have FMC managing other device then you need to move relevant config only to FMC, API is best method (but need to be cautious - any objects same name so check before you Migrating)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MSJ1 · ‎07-04-2024

I have a task need to copy / move 100+ VPN Topology Config from One Virtual FMC to another Hardware FMC.

I have seen export / import or get/push do not copy the this config over.

Looking for insight on this how to achieve this.

Can I use RestAPI ?

bigevilbeard · ‎07-05-2024

I think you can do this via the RESTAPI and python. From the docs it looks like you use

Request Type: GET

Description: Retrieves the Firepower Threat Defense Site to Site VPN topology associated with the specified ID. If no ID is specified, retrieves a list of all Firepower Threat Defense Site to Site VPN topologies.

URL: /api/fmc_config/v1/domain/{domain_UUID}/policy/ftds2svpns

URL for GET by ID: /api/fmc_config/v1/domain/{domain_UUID}/policy/ftds2svpns/{topology_UUID}

As this would be blank, you need the POST on the next request to the new device

Request Type: POST

Description: Creates a Firepower Threat Defense Site to Site VPN topology with the specified parameters.

URL: /api/fmc_config/v1/domain/{domain_UUID}/policy/ftds2svpns

Here is the API doc for more information. https://www.cisco.com/c/en/us/td/docs/security/firepower/630/api/REST/Firepower_Management_Center_REST_API_Quick_Start_Guide_630/Objects_in_the_REST_API.html

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

MSJ1 · ‎07-05-2024

@bigevilbeard

Hi I was using POST as below but it does not seem to create a VPN Topology. There is an error 422 says UnProcessable Entity.

I was hoping this will create a sample VPN topology but it did not. Definitely i am missing some steps.

bigevilbeard · ‎07-06-2024

The 422 Unprocessable Entity error typically means that while the request itself is valid, the FMC couldn't process the data you sent due to issues with the content. You could have missing or invalid data fields, missing dependencies, or a data conflict… Are you trying the entire copy here or just a small subsection?

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

MSJ1 · ‎07-06-2024

@bigevilbeard

I am trying to do a full copy of VPN Topology.

Here from restapi console , i tried to POST the whole content shown at Input Presentation section as shown from earlier attached image.

Note I did not change any value shown at Input Presentation section.