Do you know if there is a way to export VPN through ASDM?

eigrpy
Level 4

Dear All

Do you know if there is a way to export VPN through ASDM? There are a lot of VPNs in our ASA. It would take a lot of time to transfer the VPNs one by one from one ASA to another. I hope to export the VPN configuration and then import it to another ASA. Does anyone have some idea about it? Thank you

2 Accepted Solutions

Dinesh Moudgil
Cisco Employee

Hello,

Please follow the thread for SSL VPN
https://supportforums.cisco.com/discussion/12562686/migration-anyconnect-vpn-issues

For IPSec VPN, you might want to manually copy the phase 1 and phase 2 configuration from one device to another, or copy the whole configuration and then truncate the redundant output.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

I do ASAs with IPSEC site to site and AnyConnect for a living. Very specific job. But I do a lot of them. I made a script by taking a known working good configuration and identifying the variables. I then can make a configuration for a new ASA in my "cookie cutter" format very quickly. This includes AnyConnect. However you may or may not be doing a lot and just have one on your mind.

You can export your configuration in the ASDM and move it to a new device. The setting for the new device would be the same as for the old device. You might have to do some basic stuff like generating new keys or working with certificates if needed. But it can be done. I prefer a cut and paste in the command line. I move files after the device is configured. With the ASDM you can import and export a configuration. With command line I start with a write erase on the new device and then cut and paste only what is necessary. Under tools in the ASDM use "backup" and "restore".

 


Thank you both for replying. The old one is an ASA5540 and the new one is an ASA5555.

I do not know if ASDM could be used for transferring between the two types of ASA.

Another issue is that there is a lot of stuff in the old one, and some of it is inactive. We hope to pick up just the active ones. We have to pick up all of the active components and not miss any of them. If we use ASDM, at least we may pick up all of them.

Thank you so much for your suggestion!

 

 

I just migrated from an old series to the new series.  I slowly reviewed the entire configuration.  Did a good backup.  I eliminated all those configuration parts that I knew I could delete.  Old rules (both nat and firewall) were made inactive and not deleted.  I then moved the configuration to the new device.  It wasn't too bad.  I wired up the new firewall with the uplink ports turned down.  Maintenance night I turned the ports up for the new firewall and the ports down for the old one.  Almost everything worked with the exception of a few NAT rules.  I guess good planning goes a long way.  You could try moving the whole thing to the new one.  There aren't too many changes in the ASA code from the old device to the new one. 
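The manual route the replies describe (copy the phase 1 and phase 2 configuration, leave out what is inactive) can be scripted against a saved running configuration. This is an added example, not code from anyone in the thread: the sample config is constructed, `extract_vpn_config` and the prefix list are hypothetical, and it assumes `show running-config` output, where pre-shared keys appear masked as `*****` and have to be re-entered on the new ASA.

```python
import re

# Constructed sample of `show running-config` output (not from the thread).
SAMPLE = """\
hostname old-asa
access-list VPN_SITE_A extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.255.0
access-list VPN_SITE_A extended permit ip 10.1.0.0 255.255.0.0 10.9.0.0 255.255.255.0 inactive
access-list INSIDE_IN extended permit tcp any any eq 443
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_SITE_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key *****
"""

# Assumption: these top-level prefixes cover the VPN stanzas to migrate.
VPN_PREFIXES = ("crypto ", "tunnel-group ", "group-policy ")

def extract_vpn_config(text):
    """Return (lines to copy, masked secrets that must be re-entered by hand)."""
    # ACLs named by "crypto map ... match address <acl>" select the tunnel traffic.
    acls = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)", text, re.M))
    keep, masked, in_block, parent = [], [], False, ""
    for line in text.splitlines():
        if line.startswith(" "):              # sub-command of the previous stanza
            if in_block:
                keep.append(line)
                if line.rstrip().endswith("*****"):
                    masked.append(f"{parent} -> {line.strip()}")
            continue
        parent, parts = line, line.split()
        is_acl = len(parts) > 1 and parts[0] == "access-list" and parts[1] in acls
        in_block = line.startswith(VPN_PREFIXES) or is_acl
        if is_acl and line.rstrip().endswith(" inactive"):
            in_block = False                  # entry disabled on the old ASA: skip it
        if in_block:
            keep.append(line)
    return keep, masked

if __name__ == "__main__":
    keep, masked = extract_vpn_config(SAMPLE)
    print("\n".join(keep))
    print("! re-enter by hand:", masked)
```

Review the extracted lines before pasting them, since objects the VPN stanzas reference (object groups, NAT exemptions, AAA servers) are not followed by this sketch.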

 

Our old ASA is doing too much work. We would like the new one to share the work with the old one, so we want the new one to do VPN work only. If we copy all of the configuration to the new one, it would be relatively easy for us to transfer, but this would make the configuration on the new ASA bigger. So, based on the information we have at present, we want to transfer the AnyConnect VPN with ASDM and the L2L VPN manually.

Now I don't know how to transfer the username attribute, which may be associated with Active Directory on a Windows server. Do you have any experience with it? Or should we copy it directly? We hope the configuration on the new ASA is smaller. Thank you