Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18612
Views
0
Helpful
10
Replies

Conversion from Juniper Configuration to Cisco Config

mohsin.khan
Level 3
Level 3

‎11-29-2010 08:43 PM - edited ‎03-11-2019 12:16 PM

Hi,

I have a Juniper firewall config of 32,000 lines. I want to convert this into Cisco ASA v.8.3. Is there any pearl script available which can do that for me?

regards,

Mohsin

3 people had this problem
Labels:
0 Helpful
10 Replies 10

Panos Kampanakis
Cisco Employee
Cisco Employee

‎11-30-2010 09:29 AM

We currently do not have an “automated tool” to do this conversion. Your Cisco Sales team might be able to help you though. because I know their have some internal resources and tools that can provide help with such issues..

But unfortunately there is no public automated tool to convert the Juniper config to an ASA config.

Regards,

PK

0 Helpful

mohsin.khan
Level 3
Level 3
In response to Panos Kampanakis

‎12-01-2010 08:14 PM

Hi PK, thanks for the information, however when i check with my local Cisco Sales team, they say there is no such internal tool available...Will it be possible for you to give me the exact name of it so that i could again check with them with more information?

By the way, i have confirmed with Juniper sales team that they have Cisco to Juniper configuration migration tool available in there internal repository...But not the vice versa.

regards,

Mohsin

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to mohsin.khan

‎12-01-2010 08:48 PM

Mohsin,

PK is right. We do not have an official tool that we could provide you. But, it appears that a doc does exist.

Could you pls. let us know who you talked to on our side so, I could pass on some information to him/her? As I understand it the task is not complicated but, just time consuming.

-KS

0 Helpful

mohsin.khan
Level 3
Level 3
In response to Kureli Sankar

‎12-01-2010 09:07 PM

I had discussion with Mr. Majid Siddiq (majsiddi@cisco.com) and Mr. Salman Bakhtiari.

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to mohsin.khan

‎12-01-2010 09:24 PM

I talked to Majid internally. He is looking to the right direction now and I hope he will get what you need for you.

Rgs,

PK

0 Helpful

mteigeir
Level 1
Level 1

‎12-02-2010 07:58 AM

The first question is if you are migrating a ScreenOS config or a JunOS config.  If you are migrating a ScreenOS config, the process is rather simple and can be done with the use of notepad/word to do search and replaces for key words and excel for re-ordering columns (ScreenOS puts the permit after the services, we put it before the services, etc).  I have helped with a few migrations myself using this process and have found it much more reliable than even Juniper's ScreenOS to JunOS tool. (Perhaps because it is a firewall-firewall migration, as opposed to a firewall-router migration.)  Your account team can provide you with documentation to support this process.

Now, if you are migrating a JunOS config to an ASA config, there are also tricks that allow you to do it.  However, it is not as straight forward as the JunOS config looks very different.  This process is most efficiently done using the output of some show commands rather than the config itself.  In this case, I would strongly recommend you contact your account team for more details.

In either case, welcome to Cisco's firewalls.  I am sure you will feel like one who has emerged from black and white movies to technicolor!!

:-)

Maria

0 Helpful

mohsin.khan
Level 3
Level 3
In response to mteigeir

‎12-02-2010 09:47 AM

Hi Maria,

This is scenario where i have to migrate JunOS configuration of 32,000 lines to Cisco ASA config. How would you suggest me now, should i go command by command, or should i search for a perl script? i m not new to Cisco firewalls, but when it comes to junos, It is more of a 3d effect that i m getting rather than techno color..

Will it be possible to share those commands that you are reffering to?

regards,

Mohsin

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to mohsin.khan

‎12-02-2010 10:35 AM

Mohsin,

I reached out to Maria to give you a hand on this case.

You are in good hands.

-KS

0 Helpful

mteigeir
Level 1
Level 1
In response to mohsin.khan

‎12-02-2010 10:48 AM

Mohsin,

I would suggest you use the "show config | display set" command to get the config in a more useable format. From there, the config will look a lot more like a ScreenOS config. There will still need to be a little text editing to clean it up so that you get to the policy part, but it is simple enough.  Note that I cannot find the display command documented in the techdocs for JunOS, but it seems to work...

Hope that helps!

Maria

0 Helpful

Anand Kanani
Cisco Employee
Cisco Employee

‎12-19-2013 10:12 AM

Here is the new self-service tool that Cisco has released to convert to any vendor firewalls to Cisco ASA.

Currently it supports Juniper ScreenOS and CheckPoint to Cisco ASA conversion.

Link to the original post:

https://supportforums.cisco.com/community/netpro/security/firewall/blog/2013/09/27/conversion-tool-juniper-screenos-to-cisco-asa

Link to the tool itself:

https://fwmig.cisco.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card