Cisco Support Community

New Member

IPTABLES to ASA Conversion

Hi Folks,

Does anyone know how I can convert a script from IPTABLES to Cisco ASA?

thanks a lot

Cisco Employee

Re: IPTABLES to ASA Conversion

Unfortunately, there is no way of automatically migrating the iptables. So you would need to do it manually or write a script to do it. A rule like

route add  -net 192.168.10.0  netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev eth1

would be translated to

route <interface_name> 192.168.10.0 255.255.255.0 XXX.XXX.XXX.XXX

on the firewall.

I hope it helps.

PK

New Member

Re: IPTABLES to ASA Conversion

Ok Kampana,

thanks for your attention.

I guess that I'll have work to do!!!

My iptables configuration has about 9000 lines.

I could write a script to translate the DNAT configuration, but there are many different forms of access-list and it's difficult to make a script for all of them.

8-) hehehe it's too hard!!!

thanks a lot friend!!

Cisco Employee

Re: IPTABLES to ASA Conversion

Yeah, I understand.

With 9K of rules, I believe you will need a script, even though it will take some time to do it. And then you might also share it in the community for others that might need it in the future.

Please rate helpful posts.

Rgs,

PK

New Member

Re: IPTABLES to ASA Conversion

Kampana,

You are right, I'll take some time to do it. If I discover any way or script to optimize that task, I'll share it with everybody.

Thanks a lot

see you

New Member

Re: IPTABLES to ASA Conversion

Folks,

Can anyone help me with a syntax used by IPTABLES?

What do these commands mean?

-A FORWARD -i vlan227 -j CTG-to-WAN

-A FORWARD -i eth2 -j CTG-to-WAN

-A FORWARD -d 12.10.1.0/255.255.255.0 -i eth1 -j MTBrazil-to-SN

-A FORWARD -j PCBrazil

thanks
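
Added example, not posted by anyone in the thread and not a Cisco tool: the Python below reads rules like the ones quoted above, where -A appends a rule to a chain, -i matches the ingress interface, -d matches the destination and -j jumps to a target or user-defined chain, and flattens the jumps into ASA extended access-list entries. Assumptions: the bodies of CTG-to-WAN and MTBrazil-to-SN are constructed sample data, the ACL names built from the Linux device names are placeholders, and only the flags listed in FLAGS are handled.

```python
import ipaddress
import shlex
# Constructed sample. The four FORWARD lines are the ones quoted in the thread;
# the user-chain bodies are invented here (PCBrazil is left undefined).
SAMPLE = """\
-A FORWARD -i vlan227 -j CTG-to-WAN
-A FORWARD -i eth2 -j CTG-to-WAN
-A FORWARD -d 12.10.1.0/255.255.255.0 -i eth1 -j MTBrazil-to-SN
-A FORWARD -j PCBrazil
-A CTG-to-WAN -p tcp --dport 443 -j ACCEPT
-A CTG-to-WAN -j DROP
-A MTBrazil-to-SN -s 10.1.0.0/16 -p tcp --dport 22 -j ACCEPT
"""
FLAGS = {"-i": "in_if", "-s": "src", "-d": "dst", "-p": "proto",
         "--dport": "dport", "-j": "target"}

def parse(text):
    """Return {chain: [rule, ...]}; an unsupported flag raises KeyError on purpose."""
    chains = {}
    for tok in map(shlex.split, text.splitlines()):
        if len(tok) >= 2 and tok[0] == "-A":
            rule = {FLAGS[f]: v for f, v in zip(tok[2::2], tok[3::2])}
            chains.setdefault(tok[1], []).append(rule)
    return chains

def flatten(chains, chain="FORWARD", inherited=None):
    """Follow -j jumps into user chains; the jump's own matches carry along.
    Assumes caller and callee never match on the same field."""
    for rule in chains.get(chain, []):
        merged = {**(inherited or {}), **rule}
        if merged["target"] in ("ACCEPT", "DROP"):
            yield merged
        else:
            yield from flatten(chains, merged["target"], merged)

def addr(net):
    """iptables address (CIDR or dotted mask) -> ASA 'network mask', or 'any'."""
    n = ipaddress.ip_network(net or "0.0.0.0/0", strict=False)
    return "any" if n.prefixlen == 0 else f"{n.network_address} {n.netmask}"

def to_asa(rule):
    """One flattened rule -> one extended ACL entry, named after the ingress device."""
    action = "permit" if rule["target"] == "ACCEPT" else "deny"
    # Rules without -i get the NO_IFACE label and need manual placement.
    line = (f"access-list {rule.get('in_if', 'NO_IFACE')}_in extended {action} "
            f"{rule.get('proto', 'ip')} {addr(rule.get('src'))} {addr(rule.get('dst'))}")
    lo, _, hi = rule.get("dport", "").partition(":")
    return line + (f" range {lo} {hi}" if hi else f" eq {lo}" if lo else "")

def convert(text):
    return [to_asa(r) for r in flatten(parse(text))]
```

Rules using anything outside FLAGS (negation with !, -m state, multiport, NAT targets) stop the run with a KeyError, so they can be reviewed and translated by hand.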
