Link to home
Start Free TrialLog in
Avatar of nmacfall
nmacfallFlag for United States of America

asked on

Watchguard VPN Configs to Cisco ASA5510 - With less than 2 hours Downtime?

Ok, I need to dump Watchguard VPN configuration settings into an ASA5510, 1st one with Step by Step instructions gets all 500 points.  I've copied a number of Cisco Switch configs from one switch or router to the next...this of course is a different beast.  Also, is my >2 hours request even possible?  I'd rather not have to do this particular switch-a-roo over the weekend...
Avatar of Cheever000
Cheever000
Flag of United States of America image
First what is all involved in the change over, if it is a simple site to site set up with internet, you should be able to get it all worked out ahead of time to keep you 2 hour down time by a large margin, even with some troubleshooting leaving time to roll back if you need.

Fill us in on the requirements, and I am sure myself or someone here will be able to help you.
Avatar of nmacfall
nmacfall
Flag of United States of America image

ASKER

Well, it's sort of dependent on what we can do, really.  I'd like to be able to replace the IPSec VPN Configuration (literally turn off the service in Watchguard) and turn on a working config in the ASA5510, residing in a similar position within the network, with  differing Internal IP's - I'm going to continue using Watchguard for filtering, but the ASA will become the only VPN enabled appliance.  Trouble is, I can't bring down the Watchguard until the ASA is up and running, because it's a 24*7 Police VPN...

Avatar of Cheever000
Cheever000
Flag of United States of America image
IPsec VPN can be pretty standard across vendors, getting the right configuration is really all it takes.  Couple questions to start this off.  Is this a site to site?

Or is this a endpoint for client VPNs.  Will the IP change of the VPN endpoint?

We can build from here.
Avatar of nmacfall
nmacfall
Flag of United States of America image

ASKER

End Point for Client VPN's, VPN Endpoint will change to public IP via static NAT route to internals...My real wuestion is, can I get from Watchguard a TEXT version of the overall configuration, and take out the configs having nothing to do with the VPN...Perhaps I do not know how to ask what I'm trying to ask!
Avatar of dpk_wal
dpk_wal
Flag of India image
Please have a look at link below:
http://customers.watchguard.com/articles/Article/1600?retURL=%2Fapex%2FknowledgeSearch&popup=false

Please implement and update.

Thank you.
Avatar of nmacfall
nmacfall
Flag of United States of America image

ASKER

No, that's not what I'm trying to do...I'm replacing the Firebox with an ASA...but, the Firebox is going to maintain it's NON VPN properties forthe rest of the network....VPN pulled off of Firebox, and installed anew in the ASA5510....I want the *.txt config file....Is there any way to export the VPN config from the Firebox into a simple text file that I can copy and paste into the CLI for the ASA?
ASKER CERTIFIED SOLUTION
Avatar of dpk_wal
dpk_wal
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of nmacfall
nmacfall
Flag of United States of America image

ASKER

Thank you!