Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1022
Views
0
Helpful
2
Replies

PIX to ASA Migration

renato.berana
Level 1
Level 1

‎11-26-2008 07:41 AM - edited ‎03-11-2019 07:18 AM

We need to migrate our PIX 525 6.3(4) to ASA 5540 8.0. I used the PIXtoASA Tool from cisco and successfully converted the config. THe issue now is when i tried to apply the config to the ASA the following commands are not applied:

vpngroup vpn_dolphin address-pool ippool

vpngroup vpn_dolphin dns-server 172.16.3.150 172.16.3.151

vpngroup vpn_dolphin default-domain dolphinenergy.co

vpngroup vpn_dolphin split-tunnel splitTunnel

vpngroup vpn_dolphin idle-time 1800

vpngroup vpn_dolphin password ********

vpngroup sapvpn address-pool ippool2

vpngroup sapvpn idle-time 1800

vpngroup sapvpn password ********

vpngroup dns-server idle-time 1800

vpngroup vpn_GDMS address-pool ippoo5

vpngroup vpn_GDMS dns-server 172.16.3.150 172.16.3.151

vpngroup vpn_GDMS idle-time 1800

vpngroup vpn_GDMS password ********

I believe that the vpngroup is not supported on 8.0 and tunnel-group is the replacement for that. Now, how will I convert those commands to tunnel-group and how about the attributes?

Labels:
0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎11-26-2008 12:01 PM

Are you sure you sure you converted the configuration as given in the URL below ?

http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html#wp271105

Normally when you do an IOS upgrade, most of the commands are changed by itself (fixups etc) after reboot. Some commands you gotta manually change it either using the tool or using CLI reference guide.

The VPN group configurations have been renamed as tunnel-group. Hence you can just do a manual copy and paste it in your device. Use the following commands:

hostname(config)# tunnel-group testgroup general-attributes

hostname(config-general)# address-pool testpool

etc etc etc.. define everything here..

Reference:http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpnrmote.html

Hope this helps.. all the best.. rate replies if found useful..

Raj

0 Helpful

renato.berana
Level 1
Level 1
In response to sachinraja

‎11-27-2008 08:52 PM

Actuall y when i pasted the vpngroup commands the ASA automatically converted to their respective tunnel-group equivalent config. Thanks guys.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card