End-to-End Procedure
The following flowchart illustrates the workflow for migrating an ASA with FPS to threat defense using the Secure Firewall migration tool.
Workspace |
Steps |
|
---|---|---|
Local Machine |
Download the latest version of Secure Firewall migration tool from Cisco.com. For detailed steps, see Download the Secure Firewall migration tool from Cisco.com. |
|
ASA CLI |
(Optional) Obtain the ASA with FPS configuration file: To obtain the ASA with FPS config file from ASA CLI, see Obtain the ASA configuration file. If you intend to connect the ASA from Secure Firewall migration tool, skip to step 3. |
|
ASA CLI |
(Optional) Export PKI certificates from ASA CLI: This step is required only if you are planning to migrate site-to site VPN and RA VPN features from ASA to threat defense. To export the PKI certificates from ASA CLI, see Export PKI Certificate from and Import into Firewall Management Center, step 1. If you are not planning to migrate site-to-site VPN and RA VPN, skip to step 7. |
|
ASA CLI |
(Optional) Export AnyConnect packages and profiles from ASA CLI: This step is required only if you are planning to migrate RA VPN features from ASA with FPS to threat defense. To export AnyConnect packages and profiles from ASA CLI, see Retrieve AnyConnect Packages and Profiles, step 1. If you are not planning to migrate site-to-site VPN and RA VPN, skip to step 7. |
|
Management Center |
(Optional) Import the PKI certificates and Anyconnect packages to management center: To import the PKI certificates to management center, see Export PKI Certificate from and Import into Firewall Management Center, step 2 and Retrieve AnyConnect Packages and Profiles, step 2. |
|
Local Machine |
Launch the Secure Firewall migration tool on your local machine, see Launch the Secure Firewall Migration Tool. |
|
Secure Firewall Migration Tool |
(Optional) Upload the ASA with FPS config file obtained from ASA CLI, see Upload the ASA with FPS Configuration File. If you are planning to connect to live ASA with FPS, skip to step 8. |
|
Secure Firewall Migration Tool |
You can connect to live ASA with FPS directly from the Secure Firewall migration tool. For more information, see Connect to the ASA with FPS from the Secure Firewall Migration Tool. |
|
Secure Firewall Migration Tool |
During this step, you can specify the destination parameters for the migration. For detailed steps, see Specify Destination Parameters for the Secure Firewall Migration Tool. |
|
Secure Firewall Migration Tool |
Navigate to where you downloaded the postmigration report and review the report. For detailed steps, see Review the Pre-Migration Report. |
|
Secure Firewall Migration Tool |
The Secure Firewall migration tool allows you to map the ASA with FPS configuration with threat defense interfaces. For detailed steps, see Map ASA with FPS Configurations with Secure Firewall Device Manager Threat Defense Interfaces. |
|
Secure Firewall Migration Tool |
To ensure that the ASA with FPS configuration is migrated correctly, map the ASA with FPS interfaces to the appropriate threat defense interface objects, security zones and interface groups. For detailed steps, see Map ASA with FPS Interfaces to Security Zones and Interface Groups. |
|
Secure Firewall Migration Tool |
Optimize and review the configuration carefully and validate that it is correct and matches how you want to configure the threat defense device. For detailed steps, see Optimize, Review and Validate the Configuration to be Migrated. |
|
Secure Firewall Migration Tool |
This step in the migration process sends the migrated configuration to management center and allows you to download the post-migration report. For detailed steps, see Push the Migrated Configuration to Management Center. |
|
Local Machine |
Navigate to where you downloaded the post migration report and review the report. For detailed steps, see Review the Post-Migration Report and Complete the Migration. |
|
Management Center |
Deploy the migrated configuration from the management center to threat defense. For detailed steps, see Review the Post-Migration Report and Complete the Migration. |