Migrate VPN profiles from VPN concentrator to ASA

Unanswered Question
May 26th, 2010

We are in the process of getting a new ASA 5520 configured to replace our old PIX 515e and VPN concentrator. I have about 15 different tunnels defined on the VPN concentrator and am wondering if there is a way to migrate these to the ASA without having to create them from scratch. We are planning to continue support of the older IPSec VPN until we can get up to speed on the AnyConnect.


Todd Pula Wed, 05/26/2010 - 13:59

TAC has a beta tool that can convert a 3k config to an ASA format.  As this tool is considered beta, I would recommend that you use the resulting output file as a guide and not upload it directly to the ASA.  You will need to disable config file encryption and then export the 3k config in XML format before providing it to TAC.

Administration -> Access rights -> Access settings -> Config File Encryption

Administration -> File Management -> XML Export
bberry Tue, 06/29/2010 - 08:22

Have been going back and forth with TAC for a while and it now seems that there can be no special characters in passwords or shared keys. I have removed any @ or $ from tunnel passwords and shared keys and sent another XML exported config to TAC. We shall see if their tool will now work with it.

They started by saying it was in the wrong XML format, but I cannot see how that can happen when there is no way to specify anything in the way of a format.


peterfagg Thu, 01/13/2011 - 08:43

Hi Todd,

Ref previous post about migrating concentrator config over to an ASA5520: do you know if Cisco have got past the beta stage of the tool, or will we still have the issues of incorrect counters/characters as stated in the post?

Also, if the tool is available, do you know where I need to go to get it?



Todd Pula Thu, 01/13/2011 - 10:10

This tool is only available to TAC and is still considered beta.

