Re: IPTABLES to ASA Conversion - Cisco Community

2990

Views

3

Helpful

5

Replies

Hi Folks,

does anyone knows about how can I convert a script from IPTABLES to Cisco ASA?

thanks a lot

5 Replies 5

Unfortunately, there is no way of automatically migrating the iptabes. So you would need to do it manually or write a script to do it. A rule like

route add  -net 192.168.10.0  netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev eth1

would be translated to

route 192.168.10.0 255.255.255.0 XXX.XXX.XXX.XXX

on the firewall.

I hope it helps.

PK

Ok Kampana,

thanks for your attention.

I guess that I'll be work to do!!!

My Iptables configuration have for about 9000 lines.

I could to do a script to translate DNAT configuration but there are many differents forms from Access-list and it's difficult

to make a script for all.

8-) hehehe it's too hard!!!

thanks a lot friend!!

Yeah, I understand.

With 9K of rules, I believe you will need a script, even though it will take some time to do it. and then you might also share it in the community for other that might need it in the future

Please rate helpful posts.

Rgs,

PK

Kampana,

you are right, I'll take some take to do it, if i discover any way or script to optimize that task I'll be share with everybody.

thank a lot

see you

Folks,

does anyone help me about a sintaxe used by IPTABLES?

What's this command means?

A FORWARD -i vlan227 -j CTG-to-WAN

-A FORWARD -i eth2 -j CTG-to-WAN

-A FORWARD -d 12.10.1.0/255.255.255.0 -i eth1 -j MTBrazil-to-SN

-A FORWARD -j PCBrazil

thanks

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card