09-13-2024 03:59 PM
I am attempting to migrate an ASA configuration to FTD and when I run the migration tool and the below selected the parsing fails.
When I deselect RAVPN option the parsing is successful. What could be causing this?
I have checked the licencing on the FMC and it is missing the Anyconnect features as does the licencing portal, would this cause this migration to fail at this step?
I have add the Anyconnect win/linux/mac profiles to the FMC. Is anything else required to start the migration of RAVPN?
09-13-2024 11:49 PM
- Check this thread : https://community.cisco.com/t5/network-security/can-t-migrate-ravpn-config-from-asa-to-ftd/td-p/4772716
M.
09-17-2024 03:18 AM - edited 09-17-2024 03:20 AM
Thanks for the reply. I have a single context and used the live connect so not sure if this thread is related. Parsing fails when RAVPN option is selected and returns a list index error seen below. When I deselect RAVPN the parsing is successful.
09-17-2024 03:35 AM
The error message "list index out of range" typically indicates that you're trying to access an element in a list that doesn't exist.
Check for any syntax errors or inconsistencies. Verify that the RAVPN profile names and settings are valid and match the corresponding profiles in your FTD environment. As you mentioned, the AnyConnect license might be missing or incorrect. Check the FMC and licensing portal to confirm that the necessary licenses are in place. I cant think of anything else.
09-17-2024 03:46 AM
I will check the config for syntax errors. The FMC/FTD having AnyConnect Apex licensing selected but it is showing out of compliance would this prevent the migration tool from parsing the config?
09-17-2024 04:05 AM
I think yes but I am not sure of this.
09-17-2024 03:58 AM - edited 09-17-2024 04:01 AM
I have not copied profiles across from the current ASA configuration. Does this need to be done before parsing?
These are the profiles I have found on the ASA
anyconnect profiles Mobile_ACP disk0:/Mobile_ACP.xml
anyconnect profiles PortalUser_client_profile disk0:/PortalUser_client_profile.xml
anyconnect profiles Resilient_ACP disk0:/Resilient_ACP.xml
Is there a guide on how to do this?
09-17-2024 04:04 AM
Yes, you need to copy the AnyConnect profiles from your current ASA configuration to the FMC before running the migration tool. These profiles contain important settings and configurations that are necessary for the successful migration of your AnyConnect VPN. Without them, the migration tool might not be able to properly configure the AnyConnect VPN features on your FTD.
09-17-2024 04:06 AM
Ok, I will look into this and re-run the migration tool
09-17-2024 04:12 AM
check this video might help you out
https://www.youtube.com/watch?time_continue=3&v=Beha9K7oPhI&embeds_referring_euri=https%3A%2F%2Fwww.perplexity.ai%2F
09-19-2024 12:31 AM
Hi,
I have a list of the profiles and am attempting to upload them to the FMC via objects > vpn > anyconnect file.
Here are files I have pulled off the ASA.
How do I determine which file type to use for each of the above?
09-20-2024 03:24 AM
you have to select anyconnect profile
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide