PIX to ASA Migration

Unanswered Question
Nov 26th, 2008

We need to migrate our PIX 525 6.3(4) to ASA 5540 8.0. I used the PIXtoASA Tool from cisco and successfully converted the config. THe issue now is when i tried to apply the config to the ASA the following commands are not applied:

vpngroup vpn_dolphin address-pool ippool

vpngroup vpn_dolphin dns-server 172.16.3.150 172.16.3.151

vpngroup vpn_dolphin default-domain dolphinenergy.co

vpngroup vpn_dolphin split-tunnel splitTunnel

vpngroup vpn_dolphin idle-time 1800

vpngroup vpn_dolphin password ********

vpngroup sapvpn address-pool ippool2

vpngroup sapvpn idle-time 1800

vpngroup sapvpn password ********

vpngroup dns-server idle-time 1800

vpngroup vpn_GDMS address-pool ippoo5

vpngroup vpn_GDMS dns-server 172.16.3.150 172.16.3.151

vpngroup vpn_GDMS idle-time 1800

vpngroup vpn_GDMS password ********

I believe that the vpngroup is not supported on 8.0 and tunnel-group is the replacement for that. Now, how will I convert those commands to tunnel-group and how about the attributes?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sachinraja Wed, 11/26/2008 - 12:01

Are you sure you sure you converted the configuration as given in the URL below ?

http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html#wp271105

Normally when you do an IOS upgrade, most of the commands are changed by itself (fixups etc) after reboot. Some commands you gotta manually change it either using the tool or using CLI reference guide.

The VPN group configurations have been renamed as tunnel-group. Hence you can just do a manual copy and paste it in your device. Use the following commands:

hostname(config)# tunnel-group testgroup general-attributes

hostname(config-general)# address-pool testpool

etc etc etc.. define everything here..

Reference:http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpnrmote.html

Hope this helps.. all the best.. rate replies if found useful..

Raj

renato.berana Thu, 11/27/2008 - 20:52

Actuall y when i pasted the vpngroup commands the ASA automatically converted to their respective tunnel-group equivalent config. Thanks guys.

Actions

This Discussion