Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Convert configuration of Juniper to Cisco Firewall

Can somebody help me to convert the following config of Juniper router to cisco ASA

set interfaces ge-0/0/0 description xxxxxxxxxxx

set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/0 mtu 4000

set interfaces ge-0/0/0 no-gratuitous-arp-request

set interfaces ge-0/0/0 unit 1 arp-resp unrestricted

set interfaces ge-0/0/0 unit 1 proxy-arp

set interfaces ge-0/0/0 unit 1 vlan-id 1

set interfaces ge-0/0/0 unit 1 family inet address X.X.X.X/25

set interfaces ge-0/0/0 unit 255 vlan-id 255

set interfaces ge-0/0/0 unit 255 family inet address X.X.X.X/30

set interfaces ge-0/0/1 description TUNNEL

set interfaces ge-0/0/1 vlan-tagging

set interfaces ge-0/0/1 mtu 4000

set interfaces ge-0/0/1 no-gratuitous-arp-request

set interfaces ge-0/0/1 unit 1 arp-resp restricted

set interfaces ge-0/0/1 unit 1 proxy-arp unrestricted

set interfaces ge-0/0/1 unit 1 vlan-id 1

set interfaces ge-0/0/1 unit 1 family inet address X.X.X.X/25

set interfaces ge-0/0/2 description to-xxxxxxxxxx

set interfaces ge-0/0/2 vlan-tagging

set interfaces ge-0/0/2 mtu 4000

set interfaces ge-0/0/2 unit 556 vlan-id 556

set interfaces ge-0/0/2 unit 556 family inet address X.X.X.X/30

set interfaces ge-0/0/2 unit 558 vlan-id 558

set interfaces ge-0/0/2 unit 558 family inet address X.X.X.X/30

set interfaces vlan unit 1 proxy-arp unrestricted

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/30 next-hop X.X.X.X

set routing-options static route 0.0.0.0/0 next-hop X.X.X.X

set protocols rip receive both

set protocols rip group xxxxxx neighbor ge-0/0/0.1

set policy-options policy-statement RIP-export term a from protocol direct

set policy-options policy-statement RIP-export term a from protocol rip

set policy-options policy-statement RIP-export term a then accept

2 REPLIES
Cisco Employee

Re: Convert configuration of Juniper to Cisco Firewall

Hi,

Disclaimer: there are many flavours of IOS, can not warrant that it will work for every possible software version.

For the fist interface:

no ip gratuitous-arps

int g0/0

switchport trunk encapsulation dot

switchport mode trunk

switchport trunk allowed vlan 1,255

int vlan 1

ip proxy-arp

ip address X.X.X.X/25

int vlan 255

ip proxy-arp

ip address X.X.X.X/30

#repeat the same for next interfaces/vlans

For first routing entry (

set routing-options static route X.X.X.X/32 next-hop Y.Y.Y.Y)

ip route X.X.X.0 255.255.255.0 Y.Y.Y.Y

For RIP:

router rip

passive-interface default

no passive-interface gig0/0

For routing leakage: i do not see the rest of the config, but you can control what routes to accept using

router rip

distribute-list 100 in     #ACL number 100 decides which routes to accept.

--

Michal

New Member

Re: Convert configuration of Juniper to Cisco Firewall

hello

what's the mean of the following command and what's the equivalent on cisco 

unit 1 arp-resp unrestricted

no-gratuitous-arp-request

unit 1 proxy-arp

set interfaces vlan unit 1 proxy-arp unrestricted

the problem if we activate the proxy arp on asa cisco 5525 X didnt work and i note that the proxy arp is enabled by default


below all juniper configuration

set interfaces ge-0/0/0 description Test

set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/0 mtu 4000

set interfaces ge-0/0/0 no-gratuitous-arp-request

set interfaces ge-0/0/0 unit 1 arp-resp unrestricted

set interfaces ge-0/0/0 unit 1 proxy-arp

set interfaces ge-0/0/0 unit 1 vlan-id 1

set interfaces ge-0/0/0 unit 1 family inet address 10.10.132.1/25

set interfaces ge-0/0/0 unit 255 vlan-id 255

set interfaces ge-0/0/0 unit 255 family inet address 192.168.2.2/30

set interfaces ge-0/0/1 description Test2

set interfaces ge-0/0/1 vlan-tagging

set interfaces ge-0/0/1 mtu 4000

set interfaces ge-0/0/1 no-gratuitous-arp-request

set interfaces ge-0/0/1 unit 1 arp-resp restricted

set interfaces ge-0/0/1 unit 1 proxy-arp unrestricted

set interfaces ge-0/0/1 unit 1 vlan-id 1

set interfaces ge-0/0/1 unit 1 family inet address 10.10.132.129/25

set interfaces ge-0/0/2 description to-BB

set interfaces ge-0/0/2 vlan-tagging

set interfaces ge-0/0/2 mtu 4000

set interfaces ge-0/0/2 unit 556 vlan-id 556

set interfaces ge-0/0/2 unit 556 family inet address 10.1.6.90/30

set interfaces ge-0/0/2 unit 558 vlan-id 558

set interfaces ge-0/0/2 unit 558 family inet address 10.1.6.134/30

set interfaces vlan unit 1 proxy-arp unrestricted

set routing-options static route 208.226.76.25/32 next-hop 10.10.132.101

set routing-options static route 24.201.44.122/32 next-hop 10.10.132.101

set routing-options static route 216.150.170.90/32 next-hop 10.10.132.101

set routing-options static route 42.220.13.162/32 next-hop 10.10.132.101

set routing-options static route 81.247.181.14/32 next-hop 10.10.132.101

set routing-options static route 10.1.6.128/30 next-hop 10.1.6.89

set routing-options static route 0.0.0.0/0 next-hop 10.1.6.133

set protocols rip receive both

set protocols rip group Group1 neighbor ge-0/0/0.1

set policy-options policy-statement RIP-export term a from protocol direct

set policy-options policy-statement RIP-export term a from protocol rip

set policy-options policy-statement RIP-export term a then accept

1048
Views
0
Helpful
2
Replies