Showing results for 
Search instead for 
Did you mean: 

satya mothukuri

VPN 3000 to ASA 5545X Migration


  Hi All,

  we have a plan to migrate our VPN 3000 to ASA 5545x. I need to know the following points.

  1. Is there any tool for converting the config of vpn 3000 to ASA?
  2. can i create the config in ASDM demo mode and upload the same config to real ASDM(real ASA)?
  3. Whan kind of approch we have to follow?
  4. Do any one have the action plan?
  5. Is there any document for step by setp convertion.

Thanks inadvance.




Marvin Rhoads
VIP Community Legend

Sorry but there's no quick and easy way.

Re your specific questions:

1 & 2. No.

3 & 4. Analyze functions of your VPN 3000 setup and make notes. Study and learn ASA VPN capabilities and how to implement them. Note new features available and make an informed decision about any you choose to use. Build VPN in your lab and confirm it works as desired. Transition to production use along with good communications to users about changes and how to understand them. How much really depends on how you are using the system and your users' comfort level with technology change.

5. No.



Thanks Marvins ...

 I was going tru all this things, but to make thing faster and confident i have requested this.


Cisco has some tool's like beta tool looking for them, if they really help. I know nothings works as plug n play at core level.




Rising star

Hi Satya,

Please follow the below mentioned steps to make your things simpler and you can gain more confident in doing it.


1) 1st collect the VPN settings what you have deployed in VPN concentrator.... have that information handy with you, which should include the access information for the vpn users.

2) ASA has different VPN options to do with IPSec RA /  Anyconnect / L2L etc. You can choose the VPN option which you are planning to migrate.

3) If you have the spare public IP... then you can build the parallel setup using a new public ip and have the VPN setup created and test it end to end... then you can either migrate to the IP of the VPN concentrator or a new IP itself.


in ASA Conf t#  vpnsetup ipsec-remote-access steps

will give you config example of ipsec RA... also you can find information for site to site, ssl vpn, l2tp vpn as well.... this will give you the simple information about VPN.... you can add the setup based on your requirement.... like 3rd party authentication.... etc as per your requirement.





Recognize Your Peers
Content for Community-Ad