Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2484
Views
5
Helpful
5
Replies

Transfer Config from a Cisco 3030 VPN Concentrator to ASA 5520

Go to solution
muzzia321
Level 1
Level 1

‎03-07-2013 10:39 AM - edited ‎02-21-2020 04:50 AM

Hello,

I have a Cisco 3030 VPN concentrator, and I need to transfer to config to a new ASA 5520.  My boss said that I should be able to port the config directly to the ASA, but I have TFTP'd the config to my TFTP server to look at it, and it is nothing like the ASA config setup. So I believe that copy and paste is out of the question.

My boss also told me he wasn't sure but I may need some sort of tool or software to make this transfer. Though, I have searched the internet for the past 2.5 hours, but couldn't find an answer on how I could go about doing this.  I have never really worked with the 3030 Concentrator before, so I'm not really sure what most of the config means, since it is so different.

Does anyone have any info on how I could do this transfer easily? Any help would be appreciated.

Thanks in advance

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Karsten Iwen

‎03-09-2013 10:08 PM

The opinion of the boss of the original poster that he should be able to port the config directly from 3030 to ASA is logical but incorrect. You certainly can not copy the config directly from 3030 to ASA.

There used to be a utility that would take a 3000 config as input and suggest a config for ASA. I remember working with a Cisco SE to have the utility help me with a conversion. The result was very seriously flawed. :(
I am not sure the utility still exists - and if it did my experience was so bad I would not try it again.

The 3000 concentrator was certainly oriented to its GUI interface. Trying to look at the text config file to understand what is going on is an exercise in futility. The original poster needs to understand and document the current functionality and then figure how to configure the ASA to do this.

HTH

Rick

Sent from Cisco Technical Support iPad App

HTH

Rick

View solution in original post

5 Replies 5

Go to solution
Karsten Iwen
VIP
VIP

‎03-08-2013 02:18 PM

There is no easy transfer of the config. Migrating a complex VPN3000 config is defenitely hard work. You find some help in the VPN3000 to ASA migration-guide:
http://www.cisco.com/en/US/docs/security/asa/asa72/vpn3000_upgrade/upgrade/guide/migrate.html

It's only for ASA v7.2 and I'm not aware of any newer version. But still it's a starting-point for the migration.


Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Karsten Iwen

‎03-09-2013 10:08 PM

The opinion of the boss of the original poster that he should be able to port the config directly from 3030 to ASA is logical but incorrect. You certainly can not copy the config directly from 3030 to ASA.

There used to be a utility that would take a 3000 config as input and suggest a config for ASA. I remember working with a Cisco SE to have the utility help me with a conversion. The result was very seriously flawed. :(
I am not sure the utility still exists - and if it did my experience was so bad I would not try it again.

The 3000 concentrator was certainly oriented to its GUI interface. Trying to look at the text config file to understand what is going on is an exercise in futility. The original poster needs to understand and document the current functionality and then figure how to configure the ASA to do this.

HTH

Rick

Sent from Cisco Technical Support iPad App

HTH

Rick

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Richard Burts

‎03-10-2013 09:07 PM

That's my experience as well, Rick.

0 Helpful

Go to solution
muzzia321
Level 1
Level 1

‎03-11-2013 08:26 AM

Thank you all for your help.  My boss thought there might have been a way to do this, but wasn't sure and that's why he has me looking this up.

I figured I would just have to go through the GUI and find out how to duplicate the config on the ASA. I have found that the ASDM software for the ASA is very helpful in doing this. It makes the duplication much less strenuous, and matches a little better than trying to figure it out in the CLI.

It is also nice that ASDM has wizards to help you set up many options on the ASA.  (***Note this for anyone else asking this question****)

Again, Thanks to all

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to muzzia321

‎03-12-2013 08:36 PM

Glad to hear the answers helped.

I would only suggest aht you start out with ASA software version 8.4 (or 9.1) if your device has the memory to support it. You'll be better off using the newer NAT setup and will have the broadest feature set going forward on that path.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card