Migrating Secure Firewall ASA to Multicloud Defense with the Firewall Migration Tool in Firewall in Cisco Security Cloud Control
The Secure Firewall migration tool in Security Cloud Control lets you to migrate configurations from live ASA devices that are managed by Security Cloud Control or using a configuration file extracted from an ASA device. To read more about the Secure Firewall ASA configurations supported for migration, see ASA Configuration Support in the Migrating Cisco Secure Firewall ASA to Cisco Secure Firewall Threat Defense with the Migration Tool book.
Select Source Configuration
-
Launch your migration instance from Security Cloud Control.
-
Choose Cisco ASA (8.4+) in Select Source Configuration and click Start Migration.
-
Upload an ASA configuration file manually or choose any one of the Security Cloud Control-managed ASA devices listed on the Connect to ASA pane.
NoteIf you are trying to select a Security Cloud Control-managed device, note that devices having Configuration Status as Synced are only listed by the migration tool; if you do not see the device you want to migrate in the list, check if the device configuration changes are up-to-date and synced with Security Cloud Control. Note that one ASA device can be selected as the source device by more than one user at the same time and the confuguration extraction takes place seamlessly.If you have one or more security contexts configured on your ASA device, the migration tool allows you to choose which context you want to migrate; you can also merge all your contexts to a single instance and then migrate them. Refer Select the ASA Primary Security Context for more information.
-
Verify the parsed configuration summary and click Next.
Select Target
On the Select Target page, choose Multicloud Defense. To know more about the prerequisites and the steps involved, see Specify Destination Parameters for Multicloud Defense in Migrating Cisco Secure Firewall ASA to Cisco Multicloud Defense with the Migration Tool guide.
|
Workspace |
Steps |
|
|---|---|---|
|
|
Security Cloud Control |
In the left pane, navigate to and provision a new migration instance. |
|
|
Secure Firewall ASA CLI |
Obtain the ASA configuration file: To obtain the ASA config file from ASA CLI, see Obtain the ASA configuration file. |
|
|
Security Cloud Control |
Click Launch under Actions to open the migration tool in a different browser tab. |
|
|
Secure Firewall migration tool |
Upload the ASA config file obtained from ASA CLI, see Upload the ASA Configuration File. If you are planning to connect to live ASA, skip to step 6. |
|
|
Secure Firewall migration tool |
If you want to connect in real time to an ASA already managed by Security Cloud Control, choose from the list of ASA devices. |
|
|
Secure Firewall migration tool |
Specify the destination parameters for Multicloud Defense. See Specify Destination Parameters for more information. |
|
|
Secure Firewall migration tool |
Navigate to where you downloaded the pre migration report and review it. See Review the Premigration Report for more information. |
|
|
Secure Firewall migration tool |
Optimize and review the configuration carefully and validate that it is correct. See Optimize, Review, and Validate for more information. |
|
|
Secure Firewall migration tool |
Push the configuration to Multicloud Defense. See Push the Configuration to Multicloud Defense for more information. |
|
|
Local machine |
Download the postmigration report for verifying how the migration went. See Review the Postmigration Report for more information. |
|
|
Multicloud Defense |
Verify the migrated configurations on Multicloud Defense and use them as required in configuring your gateways. |
