Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
3
Replies

Migration tool using a proxy

Go to solution
uRLKuzE
Level 1
Level 1

‎12-28-2023 05:59 AM

Dear community,

I’m trying to use Cisco’s migration tool to migrate an ASA config to a FTD but I’m facing issues running it. Indeed, it tries to reach out cisco but it fails:

2023-12-28 14:35:21,125 [INFO    | common] > "proxies : {}"

2023-12-28 14:35:21,145 [INFO    | common] > "Telemetry push : Unable to connect to SSE Cloud server https://sign-on.security.cisco.com HTTPSConnectionPool(host='sign-on.security.cisco.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x0000026BC2EBA250>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))"

Wireshark capture indicate that the tool doesn’t use the proxy settings of my corporate device but instead tries to use a direct internet connection, which fails because we cannot resolve public domains and access directly internet with our corporate devices:

DNS       86           Standard query 0xb8c4 A sign-on.security.cisco.com

DNS       176         Standard query response 0xb8c4 No such name A sign-on.security.cisco.com SOA pranspri01.phys.prod

Did anyone manage to run the migration tool using a proxy or run it offline ? I’ve looked the documentation Migrating Cisco Secure Firewall ASA to Cisco Secure Firewall Threat Defense with the Migration Tool - Getting Started with the Secure Firewall Migration Tool [Cisco Secure Firewall ASA] - Cisco but didn’t see anything relating to my problem.

Thanks for your inputs and have a nice holidays.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
uRLKuzE
Level 1
Level 1

‎01-15-2024 01:07 AM

In case someone else has the issue, TAC confirmed that the tool is not configurable to use the system proxy yet, but the BU provided an offline tool that can be executed on a corporate device without direct access to internet, fixing my issue.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
helpcenterus
Spotlight
Spotlight

‎12-29-2023 11:57 AM

@uRLKuzE to address this, you might want to check whether the migration tool has specific proxy settings that need configuration. If the tool is not utilizing your corporate device's proxy settings, you may need to manually configure proxy settings within the migration tool itself.
Best of luck in resolving your migration challenges, and happy holidays!

0 Helpful

Go to solution
uRLKuzE
Level 1
Level 1

‎01-15-2024 01:07 AM

In case someone else has the issue, TAC confirmed that the tool is not configurable to use the system proxy yet, but the BU provided an offline tool that can be executed on a corporate device without direct access to internet, fixing my issue.

0 Helpful

Go to solution
helpcenterus
Spotlight
Spotlight

‎01-15-2024 01:11 AM

By the way, I guessed that was the reason!
@uRLKuzE, thank you for writing the solution!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card