06-03-2009 07:03 AM - edited 03-11-2019 08:39 AM
Is there a tool to convert IOS ACL to FWSM format?
i.e. conversion of wildcard masks to appropriate subnet mask
06-03-2009 07:58 AM
I have not been able to find an app, but what I do is use a text editor (my favorite is UltraEdit) and do a search and replace. Search for 255.255.255.248 and replace with 0.0.0.7. Clunky, but it works.
Hope that helps.
06-04-2009 03:59 AM
Paul
Firstly, with sincere apologies to all Perl programmers :-), I have knocked up a quick script that will convert an IOS ACL to FWSM/PIX/ASA format, e.g.
Input =
access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23
access-list 101 permit udp 192.168.20.0 0.0.0.31 eq 23 172.16.5.0 0.0.0.255
access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255
access-list 101 permit ip 192.168.17.128 0.0.0.127 172.16.10.0 0.0.0.255
access-list 101 permit ip 172.16.5.0 0.0.0.31 host 172.16.5.2
Output =
access-list outside_access_in permit tcp 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.248 eq 23
access-list outside_access_in permit udp 192.168.20.0 255.255.255.224 eq 23 172.16.5.0 255.255.255.0
access-list outside_access_in permit ip host 192.168.10.1 172.31.12.0 255.255.248.0
access-list outside_access_in permit ip 192.168.17.128 255.255.255.128 172.16.10.0 255.255.255.0
access-list outside_access_in permit ip 172.16.5.0 255.255.255.224 host 172.16.5.2
It only works with IOS ACLs of the format
access-list
but I suppose it could be modified to also include extended ACLs. It's a very quick and dirty script and I haven't exactly tested it extensively, but if you have huge ACLs it may be worth a try.
Hopefully you are familiar with Perl. If not, you can get a copy for Windows from ActiveState (www.activestate.com). Linux/Unix should already have it installed.
Script attached. Obviously this comes with no guarantees, so use with discretion!
** Edit - sorry should explain. Script will read in a file containing an IOS access-list and will output to the screen the new FWSM access-list. **
Jon
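An added example, not Jon's attached Perl script (which is not reproduced on this page): the same wildcard-to-subnet-mask conversion in Python. The function names and the `acl_name` parameter are this example's own; it also refuses non-contiguous wildcard masks, which have no subnet-mask equivalent, instead of emitting a rule that would match different traffic.

```python
import ipaddress

def is_ipv4(token):
    """True if token is a dotted-quad IPv4 address or mask."""
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def wildcard_to_netmask(wildcard):
    """Invert an IOS wildcard mask into a subnet mask."""
    w = int(ipaddress.IPv4Address(wildcard))
    # A convertible wildcard is a run of low 1-bits (2**k - 1). Anything else,
    # e.g. 0.0.255.0, has no subnet-mask equivalent, so refuse it.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))

def convert_line(line, acl_name="outside_access_in"):
    """Rewrite one IOS 'access-list' line with subnet masks and a named ACL."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    out = ["access-list", acl_name]   # tokens[1], the IOS ACL number, is dropped
    i = 2
    while i < len(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tokens[i] == "host" and nxt is not None:
            out += ["host", nxt]      # single address, no mask follows
            i += 2
        elif is_ipv4(tokens[i]) and nxt is not None and is_ipv4(nxt):
            out += [tokens[i], wildcard_to_netmask(nxt)]  # address + wildcard
            i += 2
        else:
            out.append(tokens[i])     # action, protocol, 'eq', ports, 'any', ...
            i += 1
    return " ".join(out)

if __name__ == "__main__":
    sample = [  # first two lines are from the post; the third is constructed
        "access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23",
        "access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255",
        "access-list 101 permit ip 10.0.0.0 0.0.255.0 any",
    ]
    for line in sample:
        try:
            print(convert_line(line))
        except ValueError as err:
            print(f"! skipped ({err}): {line}")
```

Lines that are skipped need to be reviewed and rewritten by hand before the converted ACL is applied to the firewall.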
06-04-2009 04:02 AM