convert netscreen ns50 commands to cisco asa-5505 commands
How do I convert netscreen ns50 commands to cisco asa-5505 commands.
I have a Netscreen NS50 Version: 5.4.0r15.0 firewall/VPN,
and I want to convert it over to a Cisco ASA-5505 8.0 (4) 28.
Any help would be appreciated. Im tech enough to get in, do things, figure out commands, etc, but do not know enough, actually very little, about Cisco's terminology compared to Junipers.
Thanks very much in advance.
I have a Netscreen NS50 Version: 5.4.0r15.0 firewall/VPN,
and I want to convert it over to a Cisco ASA-5505 8.0 (4) 28.
Any help would be appreciated. Im tech enough to get in, do things, figure out commands, etc, but do not know enough, actually very little, about Cisco's terminology compared to Junipers.
Thanks very much in advance.
Ernie Beek
Well, could you post the config? I think there experts enough here to be able to create a good converted config.
I don't know of any utility that could do that for you but as Erniebeek said, if you post the current config someone will probably convert it for you (if its simple enough, assuming it is since you are using an entry level device).
ASKER
Ok, Great, thanks for the responses from both ot you.
I have a lot of IP's and user ID's etc I need to change from the public eye, I will attach a text file tomorrow morning when I get done with the changes.
I do appreciate it.
Rj
I have a lot of IP's and user ID's etc I need to change from the public eye, I will attach a text file tomorrow morning when I get done with the changes.
I do appreciate it.
Rj
ASKER
I am playing around a bit with the conversion and have a question.
I see that you have two publics (123.456.789.5 and 6) mapped to one internal ip (10.0.0.2). Is there a specific reason for that?
I see that you have two publics (123.456.789.5 and 6) mapped to one internal ip (10.0.0.2). Is there a specific reason for that?
ASKER
sorry for a late response. I didnt catch this one.
We have diffent port routings for each. Our main one, ending in 4 is the public. The one ending in 5 is a VIP that only allows traffic to ports 10.0.0.2:4080, and 10.0.0.2:5080.
The one ending in 6 allows more ports to be accessed, but not the entire network.
Thanks, and again, sorry for taking so long, I didnt see this in my email.
Rj
We have diffent port routings for each. Our main one, ending in 4 is the public. The one ending in 5 is a VIP that only allows traffic to ports 10.0.0.2:4080, and 10.0.0.2:5080.
The one ending in 6 allows more ports to be accessed, but not the entire network.
Thanks, and again, sorry for taking so long, I didnt see this in my email.
Rj
Ok,
Give me some time to play around with that. I think I'll be able to create a fairly complete 'translation'.
Give me some time to play around with that. I think I'll be able to create a fairly complete 'translation'.
ASKER
Thanks a ton erniebeek.
I'm pretty sure I was told I cant have a "VIP" on the Cisco ASA5505, but, even if I have to let them all use the same public IP, I'd like to route some incoming IP's to those certain ports.
4080 and 5080.
Thanks again.
Rj
I'm pretty sure I was told I cant have a "VIP" on the Cisco ASA5505, but, even if I have to let them all use the same public IP, I'd like to route some incoming IP's to those certain ports.
4080 and 5080.
Thanks again.
Rj
Multiple publics shouldn't be a problem, I just wasn't completely sure on how to read that part of the config ;)
ASKER
Gotcha. :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Erniebeek, Thank you sir. I am going to try this. It may take me a few days to get it in and tested.
With our vendors, I have to "schedule" a test. and sometimes its not.
Im not sure If I need to "accept" yet. Will it let you post if I Accept solution? I havent had to many complicated questions such as this.
Thanks again. I do appreciate it.
Rj
With our vendors, I have to "schedule" a test. and sometimes its not.
Im not sure If I need to "accept" yet. Will it let you post if I Accept solution? I havent had to many complicated questions such as this.
Thanks again. I do appreciate it.
Rj
You can still post when the question is closed and points are awarded. But for now you can as well leave it open and try it first, I'll be here :)
ASKER
Great Thanks.
Rj
Rj
ASKER
Erniebeek, thanks a bunch for the help.
I did not do this yet, as my boss brough in pro help (my request) for a one time shot. But It looks exactly like what I was looking for. We use AT&T, and their Network Based Firewall, and decided to allow the IP's for our EDI partners and Remote IP's access via that NWBF.
The ASA firewall will be solely VPN (traveling) users. We will have someone set it up, and I will maintain it from there.
Thanks for all of your time, It was not wasted, as I may want to use it in the future, if there is another vendor, or IP i'd rather control myself. You have really been a great help.
I did not do this yet, as my boss brough in pro help (my request) for a one time shot. But It looks exactly like what I was looking for. We use AT&T, and their Network Based Firewall, and decided to allow the IP's for our EDI partners and Remote IP's access via that NWBF.
The ASA firewall will be solely VPN (traveling) users. We will have someone set it up, and I will maintain it from there.
Thanks for all of your time, It was not wasted, as I may want to use it in the future, if there is another vendor, or IP i'd rather control myself. You have really been a great help.
You're very welcome and thanks for the points :)
I never consider my time over here as wasted, there are new things to learn every day. And in this particular case it was a good practice for me as well, regardless if you are going to use it right now or save it for a later time.
........
So in effect, I must be thanking you ;)
Mmmmm, they must set up a way to be able to award points to thank the author :))
I never consider my time over here as wasted, there are new things to learn every day. And in this particular case it was a good practice for me as well, regardless if you are going to use it right now or save it for a later time.
........
So in effect, I must be thanking you ;)
Mmmmm, they must set up a way to be able to award points to thank the author :))