Conversion from Juniper Configuration to Cisco Config

Unanswered Question
Nov 29th, 2010

Hi,

I have a Juniper firewall config of 32,000 lines. I want to convert this into Cisco ASA v.8.3. Is there any pearl script available which can do that for me?

regards,

Mohsin

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
pkampana Tue, 11/30/2010 - 09:29

We currently do not have an “automated tool” to do this conversion. Your Cisco Sales team might be able to help you though. because I know their have some internal resources and tools that can provide help with such issues..

But unfortunately there is no public automated tool to convert the Juniper config to an ASA config.

Regards,

PK

mohsin.khan@tel... Wed, 12/01/2010 - 20:14

Hi PK, thanks for the information, however when i check with my local Cisco Sales team, they say there is no such internal tool available...Will it be possible for you to give me the exact name of it so that i could again check with them with more information?

By the way, i have confirmed with Juniper sales team that they have Cisco to Juniper configuration migration tool available in there internal repository...But not the vice versa.

regards,

Mohsin

Poonguzhali Sankar Wed, 12/01/2010 - 20:48

Mohsin,

PK is right. We do not have an official tool that we could provide you. But, it appears that a doc does exist.

Could you pls. let us know who you talked to on our side so, I could pass on some information to him/her? As I understand it the task is not complicated but, just time consuming.

-KS

pkampana Wed, 12/01/2010 - 21:24

I talked to Majid internally. He is looking to the right direction now and I hope he will get what you need for you.

Rgs,

PK

mteigeir Thu, 12/02/2010 - 07:58

The first question is if you are migrating a ScreenOS config or a JunOS config.  If you are migrating a ScreenOS config, the process is rather simple and can be done with the use of notepad/word to do search and replaces for key words and excel for re-ordering columns (ScreenOS puts the permit after the services, we put it before the services, etc).  I have helped with a few migrations myself using this process and have found it much more reliable than even Juniper's ScreenOS to JunOS tool. (Perhaps because it is a firewall-firewall migration, as opposed to a firewall-router migration.)  Your account team can provide you with documentation to support this process.

Now, if you are migrating a JunOS config to an ASA config, there are also tricks that allow you to do it.  However, it is not as straight forward as the JunOS config looks very different.  This process is most efficiently done using the output of some show commands rather than the config itself.  In this case, I would strongly recommend you contact your account team for more details.

In either case, welcome to Cisco's firewalls.  I am sure you will feel like one who has emerged from black and white movies to technicolor!!

:-)

Maria

mohsin.khan@tel... Thu, 12/02/2010 - 09:47

Hi Maria,

This is scenario where i have to migrate JunOS configuration of 32,000 lines to Cisco ASA config. How would you suggest me now, should i go command by command, or should i search for a perl script? i m not new to Cisco firewalls, but when it comes to junos, It is more of a 3d effect that i m getting rather than techno color..

Will it be possible to share those commands that you are reffering to?

regards,

Mohsin

mteigeir Thu, 12/02/2010 - 10:48

Mohsin,

I would suggest you use the "show config | display set" command to get the config in a more useable format. From there, the config will look a lot more like a ScreenOS config. There will still need to be a little text editing to clean it up so that you get to the policy part, but it is simple enough.  Note that I cannot find the display command documented in the techdocs for JunOS, but it seems to work...

Hope that helps!

Maria

ankanani Thu, 12/19/2013 - 10:12

Here is the new self-service tool that Cisco has released to convert to any vendor firewalls to Cisco ASA.

Currently it supports Juniper ScreenOS and CheckPoint to Cisco ASA conversion.

Link to the original post:

https://supportforums.cisco.com/community/netpro/security/firewall/blog/2013/09/27/conversion-tool-juniper-screenos-to-cisco-asa

Link to the tool itself:

https://fwmig.cisco.com

Actions

Login or Register to take actions

This Discussion

Posted November 29, 2010 at 8:43 PM
Stats:
Replies:10 Avg. Rating:
Views:4986 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446