Does anyone know who to convert config form a Juniper Netscreen Firewall to a ASA? We are trying to get rid of the netscreen firewalls at our location and replace them with ASA's. I know very little about Juniper Netscreen Firewalls.
There's no conversion tool available as far as I know. (There is one available for CheckPoint to Cisco conversions.) Unfortunately, you'll just have to analyze your ScreenOS script and setup your ASA based on the results of that analysis.
If you've never worked with ScreenOS, it may be best to engage a 3rd party with expertise in both technologies. If that's not possible, just look at your Netscreen script ("get config" from CLI) section by section, line by line, and account for all the features and parameters in your ASA build. Some bits (e.g. extraction of any pre-shared keys) may not be recoverable from the Netscreen.
Also look at it as an opportunity to rebuild your VPN from scratch and clean out any unused or unnecessary bits that may have built up over the past years.
Thanks for your reply. Your reply fits with exactly what I am thinking. The liability of an extended outage is entirely too great for me to try to do this in-house myself. I totally agree with the 3rd party solution. I retrieved a quote from a company to do this for us and will present it to my team after getting a couple more quotes. The cost stated on the first quotes I received for this are very minimal when compared to the network being down. Thanks Again for your time/advice.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :