
New Member

IOS ACL to FWSM format conversion tool ?

Is there a tool to convert IOS ACL to FWSM format ?

i.e. conversion of wildcard masks to appropriate subnet mask

3 REPLIES

Re: IOS ACL to FWSM format conversion tool ?

I have not been able to find an app, but what I do is use a text editor (my favorite is UltraEdit) and do a search and replace. Search for 255.255.255.248 and replace with 0.0.0.7. Clunky, but it works.

Hope that helps.

Hall of Fame Super Blue

Re: IOS ACL to FWSM format conversion tool ?

Paul

Firstly, with sincere apologies to all Perl programmers :-), I have knocked up a quick script that will convert IOS ACLs to FWSM/PIX/ASA format, e.g.

Input =

access-list 101 permit tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.7 eq 23

access-list 101 permit udp 192.168.20.0 0.0.0.31 eq 23 172.16.5.0 0.0.0.255

access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255

access-list 101 permit ip 192.168.17.128 0.0.0.127 172.16.10.0 0.0.0.255

access-list 101 permit ip 172.16.5.0 0.0.0.31 host 172.16.5.2

Output =

access-list outside_access_in permit tcp 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.248 eq 23

access-list outside_access_in permit udp 192.168.20.0 255.255.255.224 eq 23 172.16.5.0 255.255.255.0

access-list outside_access_in permit ip host 192.168.10.1 172.31.12.0 255.255.248.0

access-list outside_access_in permit ip 192.168.17.128 255.255.255.128 172.16.10.0 255.255.255.0

access-list outside_access_in permit ip 172.16.5.0 255.255.255.224 host 172.16.5.2

It only works with IOS ACLs of the format

access-list permit ....

but I suppose it could be modified to also include extended ACLs. It's a very quick and dirty script and I haven't exactly tested it extensively, but if you have huge ACLs it may be worth a try.

Hopefully you are familiar with Perl. If not, you can get a copy for Windows from ActiveState (www.activestate.com). Linux/Unix should already have it installed.

Script attached. Obviously this comes with no guarantees so use with discretion !

** Edit - sorry should explain. Script will read in a file containing an IOS access-list and will output to the screen the new FWSM access-list. **

Jon

Hall of Fame Super Blue

Re: IOS ACL to FWSM format conversion tool ?

Apologies, here is the attachment.
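
An added example of the conversion discussed in this thread, written for illustration; it is not part of any post and is not the attached Perl script. It walks each line token by token so that the address after "host" is never read as half of an address/mask pair, and it refuses wildcard masks that have no subnet-mask equivalent, because a silently mistranslated mask changes what the firewall permits. The function names are assumptions; the ACL name outside_access_in is taken from the output shown above.

```python
import ipaddress
import re

QUAD = re.compile(r"\d{1,3}(\.\d{1,3}){3}$")  # dotted quad; a port such as 23 does not match

def wildcard_to_netmask(wildcard):
    """Invert an IOS wildcard mask, refusing masks with no netmask equivalent."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must form one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask {wildcard}")
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))

def convert_line(line, acl_name):
    """Convert one 'access-list <id> ...' line; acl_name replaces the IOS id."""
    toks = line.split()
    if len(toks) < 3 or toks[0] != "access-list":
        raise ValueError("not an access-list line")
    out, i = ["access-list", acl_name], 2
    while i < len(toks):
        if toks[i] == "host" and i + 1 < len(toks):
            out += toks[i:i + 2]  # a host address carries no mask
            i += 2
        elif QUAD.match(toks[i]) and i + 1 < len(toks) and QUAD.match(toks[i + 1]):
            out += [toks[i], wildcard_to_netmask(toks[i + 1])]
            i += 2
        else:
            out.append(toks[i])  # keywords, protocols, ports
            i += 1
    return " ".join(out)

def convert_acl(text, acl_name="outside_access_in"):
    """Return (converted, errors); a rejected line is reported, never emitted."""
    converted, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            converted.append(convert_line(line, acl_name))
        except ValueError as exc:
            errors.append((n, str(exc)))
    return converted, errors

# Two lines from the post above, then one constructed line with a non-contiguous mask.
SAMPLE = """access-list 101 permit ip host 192.168.10.1 172.31.12.0 0.0.7.255
access-list 101 permit udp 192.168.20.0 0.0.0.31 eq 23 172.16.5.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.255.0 any"""

if __name__ == "__main__":
    print(convert_acl(SAMPLE))
```

Any line listed in the errors has to be rewritten by hand before the converted ACL is applied.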
