cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2518
Views
15
Helpful
6
Replies

Migration tool From VPN concetrator to ASA ..?

Fernando_Meza
Level 7
Level 7

Hi Netpros,

I probably already know the answer .. 'NOPE' .. but want to try just in case some of you had worked out a way of migrating the configuration from a Cisco VPN concetrator to an ASA without having the redo the whole config almost from scratch .. we are talking about 50+ L2L tunnels and several VPN remote groups. Your assistance is much appreciated

1 Accepted Solution

Accepted Solutions

Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:

1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.

2. Name of your Account Team or SE.

3. Current version of code the concentrator is running

4. Current version of code on the ASA and the ASA platform information

5. If your configuration includes DHCP and/or DNS, which interfaces will

it be enabled on?

6. If you have any static routes, NTP server and/or Zone Lab Server

specified with a hostname instead of an IP in your configuration, please

provide the IP address as well.

7. IP addresses of all interfaces on the ASA.

-heather

View solution in original post

6 Replies 6

JORGE RODRIGUEZ
Level 10
Level 10

50+ L2L - Painfull!!

Have not come across a semeless way - and you know there is no utility that I know of Cisco has come up with - only a doc pdf file out there for just comparing sysntax .

In your situation I would probably have both in parallel and migrate each tunnel one at a time.

my 2 cents.

Regards

Jorge Rodriguez

Todd Pula
Level 7
Level 7

TAC has a beta tool that can convert a 3k config to ASA format. It isn't a perfect conversion but probably better than starting from scratch. I would start by opening a case with TAC.

Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:

1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.

2. Name of your Account Team or SE.

3. Current version of code the concentrator is running

4. Current version of code on the ASA and the ASA platform information

5. If your configuration includes DHCP and/or DNS, which interfaces will

it be enabled on?

6. If you have any static routes, NTP server and/or Zone Lab Server

specified with a hostname instead of an IP in your configuration, please

provide the IP address as well.

7. IP addresses of all interfaces on the ASA.

-heather

Is the conversion tool process only available via tac case?

Jorge Rodriguez

Yes, because it's an internal tool. sorry.

Regards

M

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries

Thank you - but good to learn at least there is a tool / +5.

Regards

Jorge Rodriguez
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: