?
Solved

Watchguard VPN Configs to Cisco ASA5510 - With less than 2 hours Downtime?

Posted on 2011-05-03
8
Medium Priority
?
508 Views
Last Modified: 2012-08-13
Ok, I need to dump Watchguard VPN configuration settings into an ASA5510, 1st one with Step by Step instructions gets all 500 points.  I've copied a number of Cisco Switch configs from one switch or router to the next...this of course is a different beast.  Also, is my >2 hours request even possible?  I'd rather not have to do this particular switch-a-roo over the weekend...
0
Comment
Question by:nmacfall
  • 4
  • 2
  • 2
8 Comments
 
LVL 9

Expert Comment

by:Cheever000
ID: 35516128
First what is all involved in the change over, if it is a simple site to site set up with internet, you should be able to get it all worked out ahead of time to keep you 2 hour down time by a large margin, even with some troubleshooting leaving time to roll back if you need.

Fill us in on the requirements, and I am sure myself or someone here will be able to help you.
0
 
LVL 2

Author Comment

by:nmacfall
ID: 35516841
Well, it's sort of dependent on what we can do, really.  I'd like to be able to replace the IPSec VPN Configuration (literally turn off the service in Watchguard) and turn on a working config in the ASA5510, residing in a similar position within the network, with  differing Internal IP's - I'm going to continue using Watchguard for filtering, but the ASA will become the only VPN enabled appliance.  Trouble is, I can't bring down the Watchguard until the ASA is up and running, because it's a 24*7 Police VPN...

0
 
LVL 9

Expert Comment

by:Cheever000
ID: 35690688
IPsec VPN can be pretty standard across vendors, getting the right configuration is really all it takes.  Couple questions to start this off.  Is this a site to site?

Or is this a endpoint for client VPNs.  Will the IP change of the VPN endpoint?

We can build from here.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 2

Author Comment

by:nmacfall
ID: 35693561
End Point for Client VPN's, VPN Endpoint will change to public IP via static NAT route to internals...My real wuestion is, can I get from Watchguard a TEXT version of the overall configuration, and take out the configs having nothing to do with the VPN...Perhaps I do not know how to ask what I'm trying to ask!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35704133
Please have a look at link below:
http://customers.watchguard.com/articles/Article/1600?retURL=%2Fapex%2FknowledgeSearch&popup=false

Please implement and update.

Thank you.
0
 
LVL 2

Author Comment

by:nmacfall
ID: 35709091
No, that's not what I'm trying to do...I'm replacing the Firebox with an ASA...but, the Firebox is going to maintain it's NON VPN properties forthe rest of the network....VPN pulled off of Firebox, and installed anew in the ASA5510....I want the *.txt config file....Is there any way to export the VPN config from the Firebox into a simple text file that I can copy and paste into the CLI for the ASA?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 35712791
You can get FB config as XML file; so if you have any XML parser then you can convert from XML to text.

Not aware of any tool that would take XML input and give cisco like CLI right away.

Better bet would be to manually configure VPN settings on ASA IMO.

Thank you.
0
 
LVL 2

Author Closing Comment

by:nmacfall
ID: 35720411
Thank you!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month16 days, 16 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question