Multiple tunnel migration from ASA to PAN (zone per tunnel not desired)

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Multiple tunnel migration from ASA to PAN (zone per tunnel not desired)

L1 Bithead



I am working on a migration where the source ASA has 74 VPN L2L tunnels (to remote stores using same config) and the migration tool has created individual ACLs and Zones for each. This makes managing them tedious and would prefer to have a single zone named VPN STORES and all tunnel interfaces within that zone and one ACL. Is there a method to do this in Expedition? Any help would be appreciated!


L2 Linker

For the benefit of others, posting an update on solution discussed with @jakegibb2077 
This can be achieved with the following steps:
- Use a filter and detach the tunnel interfaces from the zones. 
- Create a new zone or pick an existing zone to use for all tunnels
- Attach all the tunnel interfaces to the selected zone.
Keep in mind the security policies also need to be updated to reference this selected zone.

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!