Migration tool From VPN concetrator to ASA ..?

Answered Question
Nov 11th, 2009

Hi Netpros,

I probably already know the answer .. 'NOPE' .. but want to try just in case some of you had worked out a way of migrating the configuration from a Cisco VPN concetrator to an ASA without having the redo the whole config almost from scratch .. we are talking about 50+ L2L tunnels and several VPN remote groups. Your assistance is much appreciated

I have this problem too.
0 votes
Correct Answer by hdashnau about 4 years 5 months ago

Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:

1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.

2. Name of your Account Team or SE.

3. Current version of code the concentrator is running

4. Current version of code on the ASA and the ASA platform information

5. If your configuration includes DHCP and/or DNS, which interfaces will

it be enabled on?

6. If you have any static routes, NTP server and/or Zone Lab Server

specified with a hostname instead of an IP in your configuration, please

provide the IP address as well.

7. IP addresses of all interfaces on the ASA.

-heather

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (4 ratings)
JORGE RODRIGUEZ Fri, 11/13/2009 - 10:28

50+ L2L - Painfull!!

Have not come across a semeless way - and you know there is no utility that I know of Cisco has come up with - only a doc pdf file out there for just comparing sysntax .

In your situation I would probably have both in parallel and migrate each tunnel one at a time.

my 2 cents.

Regards

Todd Pula Fri, 11/13/2009 - 11:37

TAC has a beta tool that can convert a 3k config to ASA format. It isn't a perfect conversion but probably better than starting from scratch. I would start by opening a case with TAC.

Correct Answer
hdashnau Fri, 11/13/2009 - 13:55

Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:

1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.

2. Name of your Account Team or SE.

3. Current version of code the concentrator is running

4. Current version of code on the ASA and the ASA platform information

5. If your configuration includes DHCP and/or DNS, which interfaces will

it be enabled on?

6. If you have any static routes, NTP server and/or Zone Lab Server

specified with a hostname instead of an IP in your configuration, please

provide the IP address as well.

7. IP addresses of all interfaces on the ASA.

-heather

mopaul Sat, 11/14/2009 - 21:31

Yes, because it's an internal tool. sorry.

Regards

M

Actions

Login or Register to take actions

This Discussion

Posted November 11, 2009 at 10:07 PM
Stats:
Replies:6 Avg. Rating:5
Views:1679 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard