Migrate VPN profiles from VPN concentrator to ASA

bberry · ‎05-26-2010

We are in the process of getting a new ASA 5520 configured to replace our old PIX 515e and VPN concentrator. I have quite about 15 different tunnels defined on the VPN concentrator and am wondering if there is a way to migrate these to the ASA without having to create them from scratch. We are planning to continue support of the older IPSec VPN until we can get up to speed on the AnyConnect.

Brent

Todd Pula · ‎05-26-2010

TAC has a beta tool that can convert a 3k config to an ASA format. As this tool is considered beta, I would recommend that you use the resulting output file as a guide and not upload it directly to the ASA. You will need to disable config file encryption and then export the 3k config in XML format before providing it to TAC.

Administration -> Access rights -> Access settings ->Config File Encryption

Administration -> File Management -> XML Export

bberry · ‎06-29-2010

Have been going back and forth with Tac for a while and it now seems that there can be no special characters in passwords or shared keys. I have removed and @ or $ from tunnel passwords and shared keys and sent another exm exported config to TAC. We shall see if their tool will now work with it.

They stared with saying it was in the wrong XML format but cannot see how that can happen when there is no way to specify anyting in the way of a format.

Brent

peterfagg · ‎01-13-2011

Hi Todd,

Ref previous post about migrating concentrator config over to a ASA5520, Do you know if Cisco have got past the beta stage of the tool, Or will we still have the issues of incorrect counters/characters as stated in the post.

Also if the tool is available do you know where i need to go to get it.

Cheers

Peter

Todd Pula · ‎01-13-2011

This tool is only available to TAC and is still considered beta.

peterfagg · ‎01-14-2011

Thanks Todd...of to Tac we go..lol