Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1430
Views
15
Helpful
6
Replies

transferring NAT with Firepower Migration Tool

kapydan88
Level 4
Level 4

‎01-15-2021 03:58 AM

Hello for everybody.

 

Initial data - ASA-5515X with NAT and firepower 1140 managed by FMC. 

Is it possible to transfer only NAT rules from ASA-5515X to FP1140 using this Firepower Migration Tool? 

 

After watching video on youtube and reading config guides, it was believed that the config from the ASA can be picked up in two ways - by downloading it in text (notepad++) and connecting to the ASA directly from migration tools. But it is possible to transfer only NAT rules is unclear.

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎01-15-2021 04:28 AM

if it is less NAT policies, then i go with Notepad++ it give ability learn what NAT rules are in place and any one required to remove you can make them redundant.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kapydan88
Level 4
Level 4
In response to balaji.bandi

‎01-15-2021 04:44 AM

There are about 50-60 nat rules.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to kapydan88

‎01-15-2021 04:54 AM

if it 50-60 i do manually, but you can use the migration tool.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-15-2021 04:39 AM

Yes - during the FMT process you have the option of transferring the whole configuration (or at least as much as the tool supports) or only selecting sections such as the NAT rules or access-lists or objects.

kapydan88
Level 4
Level 4
In response to Marvin Rhoads

‎01-15-2021 05:11 AM - edited ‎01-15-2021 06:14 AM

Moment with a whole configuration we didnt consider, because the inside and outside addresses were changed.

 

And if we transfer from ASA to HA of FP1140, we need to specify the mgmt address of the main device.

kapydan88
Level 4
Level 4

‎01-22-2021 11:34 AM

Before this transfer of NAT rules, i deleted all unused rules. As a result, there were about 10 used. I moved all manually.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card