Collin Clark Wed, 06/03/2009 - 07:58

I have not been able to find an app, but what I do is use a text editor (my favorite is UltraEdit) and do a search and replace. Search for 255.255.255.248 and replace with 0.0.0.7. Clunky, but it works.


Hope that helps.

Jon Marshall Thu, 06/04/2009 - 03:59

Paul


Firstly, with sincere apologies to all Perl programmers :-), I have knocked up a quick script that will convert an IOS ACL to FWSM/PIX/ASA format, e.g.


Input =

access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23
access-list 101 permit udp 192.168.20.0 0.0.0.31 eq 23 172.16.5.0 0.0.0.255
access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255
access-list 101 permit ip 192.168.17.128 0.0.0.127 172.16.10.0 0.0.0.255
access-list 101 permit ip 172.16.5.0 0.0.0.31 host 172.16.5.2

Output =

access-list outside_access_in permit tcp 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.248 eq 23
access-list outside_access_in permit udp 192.168.20.0 255.255.255.224 eq 23 172.16.5.0 255.255.255.0
access-list outside_access_in permit ip host 192.168.10.1 172.31.12.0 255.255.248.0
access-list outside_access_in permit ip 192.168.17.128 255.255.255.128 172.16.10.0 255.255.255.0
access-list outside_access_in permit ip 172.16.5.0 255.255.255.224 host 172.16.5.2



It only works with IOS ACLs of the format


access-list permit ....


but I suppose it could be modified to also include extended ACLs. It's a very quick and dirty script and I haven't exactly tested it extensively, but if you have huge ACLs it may be worth a try.


Hopefully you are familiar with Perl. If not, you can get a copy for Windows from ActiveState (www.activestate.com). Linux/Unix should already have it installed.


Script attached. Obviously this comes with no guarantees, so use with discretion!


** Edit - sorry should explain. Script will read in a file containing an IOS access-list and will output to the screen the new FWSM access-list. **


Jon
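
The conversion described in the post above, as an added example in Python; it is not the attached Perl script and not code from either poster. The function names are hypothetical, the default ACL name is taken from the output shown in the post, and it goes one step beyond the post by rejecting non-contiguous wildcard masks, which have no netmask equivalent and would otherwise silently change what the rule matches.

```python
import ipaddress
import re

DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Sample lines taken from the input shown in the post above.
SAMPLE_IOS = [
    "access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23",
    "access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255",
]


def wildcard_to_netmask(wildcard):
    """Invert an IOS wildcard mask into a netmask, refusing non-contiguous masks."""
    w = int(ipaddress.IPv4Address(wildcard))  # raises ValueError on a bad octet
    # A contiguous wildcard is 2**k - 1, so w & (w + 1) is zero only for those.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard} has no netmask equivalent")
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))


def convert_line(line, acl_name="outside_access_in"):
    """Convert one numbered IOS ACL line to the named netmask form."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    out = ["access-list", acl_name]  # tokens[1], the ACL number, becomes the name
    i = 2
    while i < len(tokens):
        if tokens[i] == "host":                 # "host A" carries no mask
            out += tokens[i:i + 2]
            i += 2
        elif DOTTED_QUAD.match(tokens[i]):      # "A W": address, then wildcard
            if i + 1 >= len(tokens):
                raise ValueError(f"address without wildcard mask: {line!r}")
            out += [tokens[i], wildcard_to_netmask(tokens[i + 1])]
            i += 2
        else:                                   # action, protocol, any, eq, port
            out.append(tokens[i])
            i += 1
    return " ".join(out)


if __name__ == "__main__":
    for ios_line in SAMPLE_IOS:
        print(convert_line(ios_line))
```

Because each line is tokenised, only the value that follows an address is inverted, so an address that happens to look like a mask is left alone. After converting, diff the rule count and spot-check a few entries against the original before applying the list to a firewall.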

Jon Marshall Thu, 06/04/2009 - 04:02

Apologies, here is the attachment.


