CISCO ASA to PALO ALTO (Expedition's migration)

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

CISCO ASA to PALO ALTO (Expedition's migration)

L2 Linker



I need to migrate the configuration from a CISCO ASA. I would like to know what file do I need. I have the output of the " show run" command and the output of the "tech-file". 





L5 Sessionator

The Expedition Import process mentions:

"Upload the output from the command "more system:running-config" to bring crypto keys in clear text or show running"

Would this work for you?

So, I need the command "more system:running-config". Or can I use the "show run"?





As Didac stated the more 'system:running config' will display the IPSEC encrypted keys into clear text so that you are able to migrate those tunnels over from the ASA.


If you simply use a "show run" those keys remain encrypted and will not properly migrate over. Expedition is not able to crack the md5 hash for these keys so you will need to make it viewable for our tool to build these tunnels.


So if possible display the keys in clear text and transfer them to your "show run" file save it and upload it into expedition to help migrate everything over in one file.


I hope this answers your question.

Ok, thank you @azuniga . I understand. 


I am migrating the configuration. I am using this playlist:


But in video 2, during the device creation, it asks for the NGFW's Serial Number. Is this step permanent or can I change the Serial Number, when I pass the config to the real device? It is because I do not have the physical devices, but I need to starts with the config migration. 



As you do not have the physical device, you won't be able to connect to it yet for retrieving it's configuration or pushing resulting configuration into it. Therefore, you can skip this "device creation" step and go ahead with the project creation and migration.


If you want to create a base configuration, you may want to use the IronSkillets and generate a base config with some best practices already in place.


Later, you can create the device, attach it to the project and do your final steps to push the configuration into the device, or simply export the XML configuration and load it into your NGFW.

  • 5 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!