ASA ipsec vpn ACL migration to FTD managed with FMC

CiscoAzs
Level 1

Hello everybody, I have a task to replace an ASA 5525 with a 2230 FTD in a production network. Interface ACLs are migrated by the migration tool to prefilter policies. Now I am trying to copy the VPN configuration, but in FMC I see a pool for source networks and a pool for destination networks, and no port selection option at all. How can I migrate these ACEs to FTD?

 

access-list vpn_a extended permit ip 10.12.0.0 255.255.255.0 192.168.22.0 255.255.255.0
access-list vpn_a extended permit ip 10.15.2.0 255.255.255.0 10.17.10.0 255.255.255.0

 

access-list vpn-c extended permit tcp host 172.9.13.130 host 172.9.13.20 eq 8443
access-list vpn-c extended permit tcp host 172.9.13.133 host 172.9.13.22 eq 10666

2 Replies

Marvin Rhoads
Hall of Fame

I just tested adding your first VPN C ACE with tcp/8443 destination port and it worked fine using FMC 6.2.3. See the following extended ACL definition:

 

[Image: FMC Extended ACL.PNG]

 

 

Thank you for the answer.

You are right, adding an extended ACL for interested traffic selection is available from FMC version 6.2.3.

On version 6.2.2 I didn't find this feature.
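
An added example, not part of the thread: a Python sketch that parses the ASA ACEs from the question into normalized network and port fields and flags which ACLs select on protocol or port, and so need an extended ACL rather than only source and destination network lists. It handles only the ACE forms shown in the question plus `any`; the function names are hypothetical and no FMC API is used.

```python
import ipaddress

# ACEs copied from the question in this thread.
ASA_CONFIG = """\
access-list vpn_a extended permit ip 10.12.0.0 255.255.255.0 192.168.22.0 255.255.255.0
access-list vpn_a extended permit ip 10.15.2.0 255.255.255.0 10.17.10.0 255.255.255.0
access-list vpn-c extended permit tcp host 172.9.13.130 host 172.9.13.20 eq 8443
access-list vpn-c extended permit tcp host 172.9.13.133 host 172.9.13.22 eq 10666
"""

def _take_address(tokens):
    """Consume one ASA address spec (any | host A | NET MASK); return CIDR."""
    first = tokens.pop(0)
    if first in ("any", "any4"):
        return "0.0.0.0/0"
    if first == "host":
        return str(ipaddress.ip_network(tokens.pop(0) + "/32"))
    return str(ipaddress.ip_network(first + "/" + tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended":
        raise ValueError("unsupported ACE: " + line)
    ace = {"acl": tokens[1], "action": tokens[3], "protocol": tokens[4],
           "dst_port": None}
    rest = tokens[5:]
    ace["src"] = _take_address(rest)
    ace["dst"] = _take_address(rest)
    if rest:  # only a single 'eq <number>' destination port is handled here
        if len(rest) != 2 or rest[0] != "eq" or not rest[1].isdigit():
            raise ValueError("unsupported port clause: " + " ".join(rest))
        ace["dst_port"] = int(rest[1])
    return ace

def parse_config(text):
    acls = {}
    for line in text.splitlines():
        if line.startswith("access-list "):
            ace = parse_ace(line)
            acls.setdefault(ace["acl"], []).append(ace)
    return acls

def needs_extended_acl(aces):
    """True if any ACE selects on protocol or port, not just networks."""
    return any(a["protocol"] != "ip" or a["dst_port"] is not None for a in aces)

if __name__ == "__main__":
    for name, aces in parse_config(ASA_CONFIG).items():
        print(name, "extended ACL" if needs_extended_acl(aces) else "networks only")
```

Comparing this output with the entries created in FMC is a quick check that no port restriction was widened to a full `ip` match during the migration.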