EIGRP Config Migration from Cisco ASA to PaloAlto using Expedition

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

EIGRP Config Migration from Cisco ASA to PaloAlto using Expedition

L2 Linker

Hi Everyone,

 

Does anyone able to migrate the EIGRP config in Expedition during migraition from other vendors like Cisco ASA , Checkpoint firewalls?

 

I have a cisco ASA 5525 configured with EIGRP and when I imported the policy file into expedition for migration it does only showing the static routes and some unrelated information(XML code) about BGP?( I can manually configure the EIGRP on palo alto after config migration but I wonder about the migration tool and making sure I am not missing anything here!)

 

Does this mean it only migrates the BGP config not any other dynamic routing protocols?

 

Please let me know what have you done to have this migrated or if know how to do it. any inputs are much appriciated.

 

Best regards,

Nagarjuna

1 accepted solution

Accepted Solutions

L2 Linker

Unfortunately EIGRP is a Cisco propriotry routing protocol and not available on PANOS.  Only static, OSPF and BGP are available on the PAN appliances.

 

With that said, Expedition does transfer all your routing information, just not EIGRP.

 

Hope that helps,

Bob

View solution in original post

7 REPLIES 7

L2 Linker

Unfortunately EIGRP is a Cisco propriotry routing protocol and not available on PANOS.  Only static, OSPF and BGP are available on the PAN appliances.

 

With that said, Expedition does transfer all your routing information, just not EIGRP.

 

Hope that helps,

Bob

Didn't realize that PAN do not support EIGRP. Thanks for the response. I belive RIP config is also supported along with the list you mentioned. 

 

Best regards,

Nagarjuna 

L1 Bithead

Actually, Cisco has made EIGRP an open standard per RFC7868 since 2016.  

 

We'd love to see Palo Alto firewalls implement EIGRP as a supported routing protocol where it will be much easier to intergrate with an already established Cisco network topology.  

 

Currently, we still have Cisco ASA/FirePowers for this sepecific reason (EIGRP)...  Just drop it in and it works, without redoing dynamic routing configuration and involve various other teams.

 

 

L0 Member

Which protocol will be best to choose instead of eigrp for the hub and 100 branches?

BGP, OSPF oraz BFD witch monitoring?

 

I guess this topic would be better resolved in the PANOS threads, as the content in this site is more related to Expedition and the audience may not be able to provide you the same level of assistance as you would get in a more specifically related one.

Either OSPF and BGP would work.  It depends on which you are most comfortable with and your level of experience with it.  I personally would go with OSPF.


HTH,
Bob

Bob Bagheri, PCNSC #246

Hello,

 

The problem with OSPF will be the amount of SPF recalculations that could happen with 100 end points should they flap. You would need to adjust the recalculations and it might not be worth it. When you say BGP with BFD I assume you are saying IBGP, and that depends on your redundancy setup at your spoke sites but it could be a good HA setup for fast recovery.

 

Generally a good setup is a mix of eBGP and iBGP with BFD. As Didac has mentioned this forum is more related to expedition. For more information or network design I would recommend Orhan Ergun’s book on the CCDE, it has lots of great information.

 

Good luck with your deployment!

  • 1 accepted solution
  • 12746 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!