11-11-2009 10:07 PM - edited 02-21-2020 03:47 AM
Hi Netpros,
I probably already know the answer .. 'NOPE' .. but want to try just in case some of you had worked out a way of migrating the configuration from a Cisco VPN concetrator to an ASA without having the redo the whole config almost from scratch .. we are talking about 50+ L2L tunnels and several VPN remote groups. Your assistance is much appreciated
Solved! Go to Solution.
11-13-2009 01:55 PM
Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:
1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.
2. Name of your Account Team or SE.
3. Current version of code the concentrator is running
4. Current version of code on the ASA and the ASA platform information
5. If your configuration includes DHCP and/or DNS, which interfaces will
it be enabled on?
6. If you have any static routes, NTP server and/or Zone Lab Server
specified with a hostname instead of an IP in your configuration, please
provide the IP address as well.
7. IP addresses of all interfaces on the ASA.
-heather
11-13-2009 10:28 AM
50+ L2L - Painfull!!
Have not come across a semeless way - and you know there is no utility that I know of Cisco has come up with - only a doc pdf file out there for just comparing sysntax .
In your situation I would probably have both in parallel and migrate each tunnel one at a time.
my 2 cents.
Regards
11-13-2009 11:37 AM
TAC has a beta tool that can convert a 3k config to ASA format. It isn't a perfect conversion but probably better than starting from scratch. I would start by opening a case with TAC.
11-13-2009 01:55 PM
Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:
1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.
2. Name of your Account Team or SE.
3. Current version of code the concentrator is running
4. Current version of code on the ASA and the ASA platform information
5. If your configuration includes DHCP and/or DNS, which interfaces will
it be enabled on?
6. If you have any static routes, NTP server and/or Zone Lab Server
specified with a hostname instead of an IP in your configuration, please
provide the IP address as well.
7. IP addresses of all interfaces on the ASA.
-heather
11-14-2009 06:05 PM
Is the conversion tool process only available via tac case?
11-14-2009 09:31 PM
Yes, because it's an internal tool. sorry.
Regards
M
11-15-2009 12:40 PM
Thank you - but good to learn at least there is a tool / +5.
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: