Expedition tool for ASA migration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Expedition tool for ASA migration

L2 Linker

Hi there,

 

We need to migrate from Cisco ASA (HA Pair Active/Standby) with multi-context (3 contexts) to Palo Alto vsys.

 

What’s the best approach and effective way to accomplish this task?

 

I’ve looked into Expedition tool, but not sure if it’s really good and accurate method for such a task.

 

Thanks.

1 accepted solution

Accepted Solutions

L2 Linker

This is the sequence and the answers I was given from the "fwmigrate" team.

 

It is possible to to convert a Cisco multi-context firewall into multiple virtual routers  or multiple virtual systems.

 

For export of cisco multi-context config , you will need to go into each of the context first:
 
changeto context <name>changeto system
 
and run the commands below
 
terminal pager 0
more system:running-config / show running 
 
here are the instructions :
 
You will need to save the content of each context in a different file, for example, you have 4 contexts on cisco asa , then you will export them into 4 files , then in expedition, you can zip all 4 files in a zip file and import it as zip.   If you prefer to work on one context at a time, then you can import one config at a time.
 
I will verify that this works in the next few days.

View solution in original post

3 REPLIES 3

L3 Networker

Expedition is extremely useful migration tool. if you create your vsys on the PA and configure HA and DG.

You can use expedition to migrate each sec/nat/ policy and objects to the specific Device group. if your policies are small like 50 sec policies or less than it might be better to migrate it manually without Expedition.. I only say manual because once the policy is on the PA someone that understand both Asa and Pa configuration needs to review the sec and nat policy and make any corrections manually.

 

https://www.youtube.com/watch?v=-gbQ-YcgoPs

https://www.youtube.com/watch?v=ueU_Gus6wGI&list=PLu-orFl0GVdfKP9fV8ffQNpzG1XdsaK7i&index=7

 

 

L2 Linker

This is the sequence and the answers I was given from the "fwmigrate" team.

 

It is possible to to convert a Cisco multi-context firewall into multiple virtual routers  or multiple virtual systems.

 

For export of cisco multi-context config , you will need to go into each of the context first:
 
changeto context <name>changeto system
 
and run the commands below
 
terminal pager 0
more system:running-config / show running 
 
here are the instructions :
 
You will need to save the content of each context in a different file, for example, you have 4 contexts on cisco asa , then you will export them into 4 files , then in expedition, you can zip all 4 files in a zip file and import it as zip.   If you prefer to work on one context at a time, then you can import one config at a time.
 
I will verify that this works in the next few days.

Hi, Can you please provide 'FWMigrate' team's email address?

  • 1 accepted solution
  • 4402 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!