Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Migration tool From VPN concetrator to ASA ..?

Hi Netpros,

I probably already know the answer .. 'NOPE' .. but want to try just in case some of you had worked out a way of migrating the configuration from a Cisco VPN concetrator to an ASA without having the redo the whole config almost from scratch .. we are talking about 50+ L2L tunnels and several VPN remote groups. Your assistance is much appreciated

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Migration tool From VPN concetrator to ASA ..?

Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:

1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.

2. Name of your Account Team or SE.

3. Current version of code the concentrator is running

4. Current version of code on the ASA and the ASA platform information

5. If your configuration includes DHCP and/or DNS, which interfaces will

it be enabled on?

6. If you have any static routes, NTP server and/or Zone Lab Server

specified with a hostname instead of an IP in your configuration, please

provide the IP address as well.

7. IP addresses of all interfaces on the ASA.

-heather

6 REPLIES

Re: Migration tool From VPN concetrator to ASA ..?

50+ L2L - Painfull!!

Have not come across a semeless way - and you know there is no utility that I know of Cisco has come up with - only a doc pdf file out there for just comparing sysntax .

In your situation I would probably have both in parallel and migrate each tunnel one at a time.

my 2 cents.

Regards

Re: Migration tool From VPN concetrator to ASA ..?

TAC has a beta tool that can convert a 3k config to ASA format. It isn't a perfect conversion but probably better than starting from scratch. I would start by opening a case with TAC.

Cisco Employee

Re: Migration tool From VPN concetrator to ASA ..?

Adding to this. TAC can get you a rough conversion of your config through our beta tool but you should do these things if opening the ticket:

1. IMPORTANT: Pull the config off your concentrator as unencrypted XML - Check under Administration>Access Rights>Access Settings and confirm Config File Encryption is set to None (default) and then under Administration>File Management>XML Export you can save off the config file and attach it to your case for me.

2. Name of your Account Team or SE.

3. Current version of code the concentrator is running

4. Current version of code on the ASA and the ASA platform information

5. If your configuration includes DHCP and/or DNS, which interfaces will

it be enabled on?

6. If you have any static routes, NTP server and/or Zone Lab Server

specified with a hostname instead of an IP in your configuration, please

provide the IP address as well.

7. IP addresses of all interfaces on the ASA.

-heather

Re: Migration tool From VPN concetrator to ASA ..?

Is the conversion tool process only available via tac case?

Bronze

Re: Migration tool From VPN concetrator to ASA ..?

Yes, because it's an internal tool. sorry.

Regards

M

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries

Re: Migration tool From VPN concetrator to ASA ..?

Thank you - but good to learn at least there is a tool / +5.

Regards

1902
Views
15
Helpful
6
Replies