Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: juniper

Cisco ASA to Junos Convertor

 

 

nsp juniper RSS feed   Index | Next | Previous | View Threaded


aahmad at bmc

Jun 19, 2011, 2:55 AM

Post #1 of 6 (3012 views)
Permalink
Cisco ASA to Junos Convertor

Hi Experts,





Is there any convertor / tool to convert the Cisco ASA commands line
into SRX JUNOS?



Thanks in advance.



Kind Regards,

Altaf Ahmad

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


ssiva1086 at gmail

Jun 19, 2011, 9:28 PM

Post #2 of 6 (2985 views)
Permalink
Cisco ASA to Junos Convertor [In reply to]

Hi Altaf,

Can you try IOS to JunOS translator tool?

https://i2j.juniper.net/release/index.jsp

I don't know if you are aware of this tool, but doesn't translate all the
configs :-)

--
Thanks,
Sivas
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jof at thejof

Jun 19, 2011, 10:00 PM

Post #3 of 6 (2981 views)
Permalink
Re: Cisco ASA to Junos Convertor [In reply to]

On Sun, Jun 19, 2011 at 9:28 PM, MSusiva <ssiva1086 [at] gmail> wrote:
> Hi Altaf,
>
> Can you try IOS to JunOS translator tool?
>
> https://i2j.juniper.net/release/index.jsp

I2J is indeed a pretty awesome tool. It's probably a great tool for
Juniper SEs to pitch switching.

Unfortunately, Cisco PIXes and ASAs don't really run IOS. They may
borrow portions of code from one platform to the other, but the
configuration is totally different.

Altaf, you're best bet (in my opinion) would be to read over the JunOS
documentation for SRXes and start manually porting over your
configuration.
If you're really stuck after giving it a shot, maybe someone on this
list can help you out.

Cheers,
jof
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


aahmad at bmc

Jun 20, 2011, 2:40 AM

Post #4 of 6 (2977 views)
Permalink
Re: Cisco ASA to Junos Convertor [In reply to]

Many Thanks to Jof and Sivas,

I tried I2J tool but it does not translate the ASA commands to JUNOS. I
am having very big configuration ASA files which consist around 1000 +
Access list entries (ACEs) by using object-group and its really very
hard to manually translate huge number of lines in JUNOS. Is there any
suggestion to for this issue?

Regards,
Altaf Ahmad

-----Original Message-----
From: Jonathan Lassoff [mailto:jof [at] thejof]
Sent: Monday, June 20, 2011 8:00 AM
To: MSusiva
Cc: Altaf Ahmad; juniper-nsp [at] puck
Subject: Re: [j-nsp] Cisco ASA to Junos Convertor

On Sun, Jun 19, 2011 at 9:28 PM, MSusiva <ssiva1086 [at] gmail> wrote:
> Hi Altaf,
>
> Can you try IOS to JunOS translator tool?
>
> https://i2j.juniper.net/release/index.jsp

I2J is indeed a pretty awesome tool. It's probably a great tool for
Juniper SEs to pitch switching.

Unfortunately, Cisco PIXes and ASAs don't really run IOS. They may
borrow portions of code from one platform to the other, but the
configuration is totally different.

Altaf, you're best bet (in my opinion) would be to read over the JunOS
documentation for SRXes and start manually porting over your
configuration.
If you're really stuck after giving it a shot, maybe someone on this
list can help you out.

Cheers,
jof

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jason at oasys

Jun 20, 2011, 6:32 AM

Post #5 of 6 (2976 views)
Permalink
Re: Cisco ASA to Junos Convertor [In reply to]

On 06/20, Altaf Ahmad wrote:
> I tried I2J tool but it does not translate the ASA commands to JUNOS. I
> am having very big configuration ASA files which consist around 1000 +
> Access list entries (ACEs) by using object-group and its really very
> hard to manually translate huge number of lines in JUNOS. Is there any
> suggestion to for this issue?

We are considering a migration to SRX, and have donen a proof-of-concept
conversion in the lab. It is relatively straightforward to write some
perl to convert access lists from Cisco to Juniper if your object-groups
are consistently structured. The biggest drawback we found is that
Juniper does not support nested address-sets like Cisco does its
object-groups -- we ended up solving that with a commit script on the
Junos side.

Juniper has also offered professional services to assist in migrating
the configuration between platforms. We haven't gotten to that point in
the engagement, so I can't comment on that process.

-j

--
Jason Lavoie
Ratvarre sbe uver
jason [at] oasys
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


kcullimo at runbox

Jun 20, 2011, 8:16 AM

Post #6 of 6 (2970 views)
Permalink
Re: Cisco ASA to Junos Convertor [In reply to]

On 6/20/2011 9:32 AM, Jason Lavoie wrote:

Full Disclosure: I occasionally do this (cross-platform/manufacturer
firewall migrations) for a living.
> On 06/20, Altaf Ahmad wrote:
>> I tried I2J tool but it does not translate the ASA commands to JUNOS. I
>> am having very big configuration ASA files which consist around 1000 +
>> Access list entries (ACEs) by using object-group and its really very
>> hard to manually translate huge number of lines in JUNOS. Is there any
>> suggestion to for this issue?
> We are considering a migration to SRX, and have donen a proof-of-concept
> conversion in the lab. It is relatively straightforward to write some
> perl to convert access lists from Cisco to Juniper if your object-groups
> are consistently structured. The biggest drawback we found is that
> Juniper does not support nested address-sets like Cisco does its
> object-groups -- we ended up solving that with a commit script on the
> Junos side.
>
Most of the tedious stuff can indeed be automated within the confines of
a sufficiently robust scripting environment. The solutions i've
encountered most frequently are perl-based. I've performed a fair amount
of minor/side tasks via bash shell scripts. A former coworker of mine
once wrote a checkpoint-to-screenos migration utility in VBA(excel).
> Juniper has also offered professional services to assist in migrating
> the configuration between platforms. We haven't gotten to that point in
> the engagement, so I can't comment on that process.
The amount of work required varies from
customer/environment/configuration to customer/environment/configuration.
> -j
>

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

nsp juniper RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.