
IOS ACL to FWSM format conversion tool?

p.brand
Level 1

Is there a tool to convert IOS ACL to FWSM format?

i.e. conversion of wildcard masks to the appropriate subnet mask

3 Replies

Collin Clark
VIP Alumni

I have not been able to find an app, but what I do is use a text editor (my favorite is UltraEdit) and do a search and replace. Search for 255.255.255.248 and replace with 0.0.0.7. Clunky, but it works.

Hope that helps.

Jon Marshall
Hall of Fame

Paul

Firstly, with sincere apologies to all Perl programmers :-), I have knocked up a quick script that will convert IOS ACLs to FWSM/PIX/ASA format, e.g.

Input =

access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23

access-list 101 permit udp 192.168.20.0 0.0.0.31 eq 23 172.16.5.0 0.0.0.255

access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255

access-list 101 permit ip 192.168.17.128 0.0.0.127 172.16.10.0 0.0.0.255

access-list 101 permit ip 172.16.5.0 0.0.0.31 host 172.16.5.2

Output =

access-list outside_access_in permit tcp 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.248 eq 23

access-list outside_access_in permit udp 192.168.20.0 255.255.255.224 eq 23 172.16.5.0 255.255.255.0

access-list outside_access_in permit ip host 192.168.10.1 172.31.12.0 255.255.248.0

access-list outside_access_in permit ip 192.168.17.128 255.255.255.128 172.16.10.0 255.255.255.0

access-list outside_access_in permit ip 172.16.5.0 255.255.255.224 host 172.16.5.2

It only works with IOS ACLs of the format

access-list permit ....

but I suppose it could be modified to also include extended ACLs. It's a very quick and dirty script and I haven't exactly tested it extensively, but if you have huge ACLs it may be worth a try.

Hopefully you are familiar with Perl. If not, you can get a copy for Windows from ActiveState (www.activestate.com). Linux/Unix should already have it installed.

Script attached. Obviously this comes with no guarantees, so use with discretion!

** Edit - sorry, should explain. The script will read in a file containing an IOS access-list and will output the new FWSM access-list to the screen. **

Jon

Apologies, here is the attachment.
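
Added example, not part of the thread and not the attached Perl script: the wildcard-to-netmask conversion discussed above, written in Python. The function names are this example's own, the default ACL name `outside_access_in` is taken from the sample output in the thread, and the code assumes every non-`host` address is followed by a wildcard mask; a discontiguous wildcard, which no subnet mask can express, is reported for manual review instead of being converted.

```python
import ipaddress
import re

QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def wildcard_to_netmask(wildcard):
    """Invert an IOS wildcard mask, refusing masks a netmask cannot express."""
    w = int(ipaddress.IPv4Address(wildcard))
    # A convertible wildcard is zero bits followed by one bits, i.e. 2**n - 1.
    if w & (w + 1):
        raise ValueError(f"discontiguous wildcard mask {wildcard}")
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))

def convert_line(line, acl_name="outside_access_in"):
    """Rewrite one 'access-list <id> ...' line with netmasks and a named ACL."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "access-list":
        raise ValueError("not an access-list line")
    out, it = ["access-list", acl_name], iter(tokens[2:])
    for tok in it:
        if tok == "host":        # host form: the address carries no mask
            out += [tok, next(it, "")]
        elif QUAD.match(tok):    # address: the next token must be its wildcard
            out += [tok, wildcard_to_netmask(next(it, ""))]
        else:                    # action, protocol, port operators, any
            out.append(tok)
    return " ".join(out)

def convert_acl(text, acl_name="outside_access_in"):
    """Return (converted, rejected) so no rule is silently mistranslated."""
    converted, rejected = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            converted.append(convert_line(line, acl_name))
        except ValueError as exc:
            rejected.append((n, str(exc)))
    return converted, rejected

SAMPLE = """\
access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23
access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255
access-list 101 permit ip 10.0.1.0 0.0.254.0 any
"""  # lines 1-2 are from the thread's input; line 3 is constructed

if __name__ == "__main__":
    lines, rejected = convert_acl(SAMPLE)
    print("\n".join(lines), "\nmanual review:", rejected)
```

Any line that lands in the rejected list should be rewritten by hand on the firewall side, since dropping or approximating it changes what the policy permits.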
