The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA:
- Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center
- VPN Objects—Creates VPN Objects (IKEv1/IKEv2 Policy, IKEv1/IKEv2 IPsec-Proposal), maps the VPN objects with the specific Site-to-Site VPN topologies, and migrates the objects to Firepower Management Center.
- Site-to-Site VPN Topology—The crypto map related configuration in source ASA config are migrated with respective VPN objects. Policy-based (crypto map) VPN Topology are supported on FMC version 6.6 and above.
In this release, Firepower Migration Tool supports migration of static crypto map only. All supported ASA crypto map VPN will be migrated as FMC point-to-point topology.
Expect further enhancements and capabilities in the coming 2.4 release (planned for this summer).
If you have any questions, feedback or are looking for additional features, please engage fmt-feedback@cisco.com
For technical assistance, please contact Cisco TAC www.cisco.com/tac