Any tool to migrate from a Nokia/CheckPoint firewall to CISCO ASA
Would like to know if there is any tool that could help to migrate CheckPoint firewall objects and rules database to CISCO ASA equivalent.
Could the last CISCO Security Manager product help in this process?
Thanks in advance
Joel, you may need to use a firewall analyser or fw auditing tools to retrieve fw rules from Nokia/Fw-1 in a legible format, like using LFA, but you still need to manually enter the configuration into the ASA.
Check this link and look for the Lumeta Firewall Analyser (LFA); they work along with Checkpoint.
http://www.lumeta.com/
Also reference this thread, it may help.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd7e5c4
HTH
Jorge
Similar Messages
-
When using the migrate tool to migrate from windows to mac, can you use ethernet to connect the computers to each other? In the Migration tool, I was only given the option of choosing the computer when it appeared on the same network, and didn't see an option to connect them to each other. Even though they're both connected to the same network with a wired connection, the migration is painfully slow.
Yes. The following quotation is from About Windows Migration Assistant
These are the preferred network connections, in order:
Use a CAT6-certified Ethernet cable that is in good condition to connect the Ethernet port of the PC directly to the Ethernet port of the Mac or Ethernet adaptor (USB or Thunderbolt). You shouldn't use an Ethernet cable that has any kinks in it or is missing connector tabs.
Use CAT6-certified Ethernet cables that are in good condition to connect the Mac and PC to your home network router/hub/switch. You shouldn't use an Ethernet cable that has any kinks in it or is missing connector tabs.
For wireless, use the fastest wireless signal possible (802.11n 5Ghz). Try to have the PC, Mac, and the wireless access point all in the same room close to each other. -
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure RDP access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for static route and RDP, but when I try to put in the same commands it doesn't allow me to for this new one. Please take a look at my configuration file and give me the commands I need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that it's not the ACTUAL IP info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that aren't working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#
Unclear what did not work. In your original post you said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you added another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
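An added example for the thread above (not part of the original posts): a small Python check over ASA 7.x-style configuration text that flags a static PAT line spelling out the mapped interface's own address instead of the `interface` keyword, an RDP rule open to `any`, and an RDP rule in an access list that no `access-group` applies. The sample config is constructed with documentation-range addresses, and the finding names are hypothetical.

```python
# Constructed sample in ASA 7.2 syntax, modelled on the posted config.
# Addresses are documentation-range placeholders, not the poster's.
SAMPLE = """\
interface Vlan1
 nameif inside
 ip address 192.168.6.254 255.255.255.0
interface Vlan2
 nameif outside
 ip address 203.0.113.233 255.255.255.248
object-group service rdp tcp
 port-object eq 3389
access-list outside_access_in extended permit tcp host 198.51.100.194 host 203.0.113.233 object-group rdp
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.233 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""


def audit(config):
    """Return (finding, config line) pairs; finding names are hypothetical."""
    iface_ip, rdp_groups, bound = {}, set(), set()
    acls, statics = [], []
    nameif = group = None
    # Pass 1: collect interfaces, service groups, ACL rules, statics, bindings.
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "interface":
            nameif = None
        elif tok[0] == "nameif" and len(tok) > 1:
            nameif = tok[1]
        elif tok[:2] == ["ip", "address"] and nameif and len(tok) > 2:
            iface_ip[nameif] = tok[2]
        elif tok[:2] == ["object-group", "service"] and len(tok) > 2:
            group = tok[2]
        elif tok[:3] == ["port-object", "eq", "3389"]:
            rdp_groups.add(group)
        elif tok[0] == "access-list" and tok[2:5] == ["extended", "permit", "tcp"]:
            acls.append((tok[1], tok[5:], raw.strip()))
        elif tok[0] == "access-group" and len(tok) > 1:
            bound.add(tok[1])
        elif tok[0] == "static" and tok[2:3] == ["tcp"] and len(tok) > 3:
            statics.append((tok[1], tok[3], raw.strip()))

    findings = []
    # Static PAT to the interface's own address must use the 'interface' keyword.
    for ifaces, mapped, raw in statics:
        mapped_if = ifaces.strip("()").split(",")[1]
        if mapped == iface_ip.get(mapped_if):
            findings.append(("STATIC_USES_INTERFACE_IP", raw))
    # RDP rules: is the ACL applied anywhere, and is the source 'any'?
    for name, rule, raw in acls:
        tail = rule[-2:]
        is_rdp = tail == ["eq", "3389"] or (
            tail[:1] == ["object-group"] and tail[-1] in rdp_groups)
        if not is_rdp:
            continue
        if name not in bound:
            findings.append(("ACL_NOT_APPLIED", raw))
        elif rule[:1] == ["any"]:
            findings.append(("RDP_OPEN_TO_ANY", raw))
    return findings


if __name__ == "__main__":
    for code, line in audit(SAMPLE):
        print(f"{code}: {line}")
```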
Do we have any tool to migrate SharePoint 2010 to 2013?
Hi,
Why didn't Microsoft provide a user-friendly tool to migrate the solution from an SP 2010 farm to an SP 2013 farm? Instead of having to take a backup and restore the database, run some PowerShell commands and validate the process, they could provide some user-friendly tool to support the migration process. If they can provide SharePoint Designer / InfoPath for customization/branding, why are they not providing a tool for migration instead of using a 3rd party tool?
Balaji - Please click mark as answer if my reply solves your problem.
Hi Balaji,
As Alex mentioned, "upgrading SharePoint is potentially quite complicated". I've heard some nightmare scenarios coming from users who tried the detach-attach solution provided by Microsoft*, but others have also been able to get the desired result with a few manual tweaks. However, I couldn't say exactly why Microsoft isn't providing its SharePoint end-users with a more friendly approach; I guess Alex and John gave you a good idea about Microsoft's motivations for not going forward.
The upgrade is for sure rather complicated. However, from what I could understand so far, you were looking for a simple solution, and I'm guessing you'll find a great alternative with third party tools.
In fact, when comparing the attach-detach method with third party tools, you'll quickly notice that third party tools will allow you to simply go directly from, for instance, SP2007 to O365 without having to previously move everything to SP2010. In sum, they are huge time savers. Also, the detach/attach method has limitations such as broken links and workflows, two things most third party tools will take care of.
As I'm working for Sharegate and using it on a daily basis, I admit my judgement is biased ;-) However, from an end user point of view, simplicity is certainly one of Sharegate's great assets. Most third parties also offer trial versions that allow you to compare and see how they work. I invite you to see for yourself which tool suits you best. Here is a place to start your journey: http://en.share-gate.com/download
Cheers!
Stephanie, from Sharegate -
What is the right tools to migrate from developer suite 10g to 11g?
Hi all..
I'm kinda new here and hope a pro can help me in the right direction. I've been developing forms and reports in 10g, which is using the developer suite. My company would like to migrate to 11g. However, I see that there is no 11g developer suite. It must have been renamed to something else or provided to developers under a different name or so.
Could someone clarify this and give me a link to what I need to develop forms and reports in 11g? I'm sure I'm going to need WebLogic as well.
I did find a post where a user states that there is no more developer suite in 11g, but I find his answer a bit unclear. So I was hoping someone can give a link to what I really need in order to continue with 11g.
Thanks
In brief, a migration from 10g to 11g is just a recompile, nothing more. There were some built-ins removed in 11g which were deprecated in 10g (like run_product for example), so if you have some dead code containing these built-ins you will get compile errors. But as those built-ins didn't do anything in 10g, you should be able to remove them without a second thought.
As for developer suite: there is no developer suite anymore like there was in 10g; There is only one complete bundle containing the development as well as the deployment components, and you can choose at installation time which components you want to install. You can install the IDEs and omit some of the components you won't need in 11gR1 or install the development version in 11gR2.
You can find the install bundles here.
Before you start installing it is a good idea to review the certified system configurations.
cheers -
Move SSL Cert from one device to another on Cisco ASA
Hello Everyone,
Is it possible to move an SSL certificate + key from one Cisco ASA to another? I hope it's possible, and if someone can guide me towards the correct documentation that would be perfect.
Thank you
Manish
We have an ASA5550 running 8.2(5) that we're using as a VPN terminator; it died yesterday when we had a power glitch in the data center, and we're temporarily installing a spare 5510 (we don't have a spare 5550) until it's replaced. But the RSA keys on the spare don't match the ones on the old firewall, so when we try to install the old cert it fails:
ERROR: Keypair cannot be found for trustpoint UMVPN3-INCOMMON-MAY2020.
The old ASA is dead, so we can't do a straight export/import - all we have to work with is what's in yesterday's config backup...
I gather there's no way to extract the original keys from this; is there any way to recover in this case? Or must we export the certs from the ASAs with a "crypto ca export" and save copies of these in a secure location? -
Any way to migrate from one 10.5 server to another?
Hi,
I just lost a 10.5 Server installation, it just won't boot anymore. Since no one seems to be able to help with that problem, I needed to move on and install fresh. However, the old installation took considerable work. I would hate to have to do it all over again. So the question is: is there a migration assistant or something similar to migrate one OSX Leopard Server installation to another machine / hard drive?
Cheers.
PS: I tried carbon copy cloner, the cloned instance won't boot up either. I guess some files have been corrupted.
Yes, you can.
Open: System Preferences > Hardware > Keyboard & Mouse > Mouse, select menu for the side
buttons, turn it off or select another use for the side buttons.
It takes a little practice, but you can train yourself not to be pressing the side buttons inadvertently.
That's the other option.
To still use expose, you can use the keyboard. I have expose assigned to F10. Those settings can be
adjusted using System Prefs as well.
Kj -
Migrating from Linux based Tacacs+ server to Cisco ACS 1113 appliance
I'm trying to migrate my configuration from a Linux based Tacacs+ server to the Cisco ACS 1113 appliance. Does anyone have any recommendations?
Thanks.
Hi
We (extraxi) offer migration and general consultancy for ACS if you need professional help.
www.extraxi.com/contact.htm -
Migrating from SIEMENS HIPATH 3000 to a CISCO VOIP Solution
We've got a SIEMENS HIPATH 3000 PBX system with 15 to 20 individual telephone lines coming in from the telecom operator into the FSO card of the PBX
We are planning to migrate to CISCO Call Manager and are also implementing an 3845 Router
I would like to know if there is an interface on the router into which these 20 RJ11 phone lines go or is there another option
How do I go about it?
Thanks pk, I knew of the FXO cards. However, I do not think there is any FXO card that allows for 20 individual RJ11 phone lines,
because all the cards available at the link you sent me are 2, 4 or max 8 ports:
VIC-2FXO 2 FXO
VIC-2FXO-EU 2 FXO
VIC-2FXO-M1 2 FXO
VIC-2FXO-M2 2 FXO
VIC-2FXO-M3 2 FXO
VIC-4FXO-M1 4 FXO
VIC2-2FXO 2 FXO
VIC2-4FXO 4 FXO
MRP3-8FXOM1 8 FXO
Do you have the product number of any FXO card that has 20 FXO ports for 20 RJ11 phone lines ? -
Migrating from CiscoWorks LMS 3.1 to Cisco Prime LMS 4.2
Hi Everyone
My client was formerly having CiscoWorks LMS 3.1. Recently, they purchased Cisco Prime Infrastructure v1.2, which comes with Cisco Prime LMS 4.2. Can I migrate the database (equipment list, usernames etc.) of the CiscoWorks LMS 3.1 to Cisco Prime LMS 4.2? If yes, how do I do this? Please kindly advise.
Shown below, were the Part Numbers quoted to the end client.
R-PI12-UP-K9
LMS 2.x/3.x to Cisco Prime Infrastructure 1.2 Major Upgrade
L-PI12-LF-1.5K-LIC
Prime Infrastructure 1.2 - Lifecycle - 1.5K Device Lic PAK
L-PILMS42-1.5K-U
Prime Infrastructure LMS 4.2 - 1.5K Device Maj Upg Lic
R-PI12-BASE-K9
Prime Infrastructure 1.2 Base License and Software
L-PI12-1.5K-UP
LMS 2.x/3.x to Prime Infrastructure 1.2 Maj Upg 1.5K Device
Regards,
Ram
Thanks Marvin for your advice. Just one last question: there's a statement in the URL that you've provided:
"Ensure that the passwords, HTTPS port and SMTP server details are same in both LMS 3.2 SP1, LMS 4.0.1 or LMS 4.1 server and LMS 4.2 server with Symantec Veritas implementation, while migrating data from non-HA to HA environment."
Does this mean my client needs to purchase Symantec Veritas as well? -
Migration From SQL 7.0 To Oracle 8.0.5
Is there any tool to migrate from SQL Server 7.0 To Oracle 8.0.5
Hi Khalil,
It is downloadable from this web page in the 'Software' Link.
Regards
John
Khalil A. Khalil (guest) wrote:
: Is there any tool to migrate from SQL Server 7.0 To Oracle 8.0.5
Oracle Technology Network
http://technet.oracle.com -
Hi Support,
In my project we are trying to migrate SharePoint 2007 InfoPaths to SharePoint 2013 InfoPaths (there are some 20000 InfoPaths). Here we want to change the data connection from the old to the new connection.
So please let me know if there is any tool to migrate SharePoint 2007 InfoPath data connections to SharePoint 2013 InfoPath data connections.
Thank you in advance for your help.
Regards,
Pradeep
Hi Pradeep,
As far as I could search, there is no built-in feature to batch updating InfoPath forms, I’d suggest you consider script or third party tool. Here are the links that might help:
http://sharepintblog.com/2011/06/07/updating-infopath-form-templates-and-data-connections-with-powershell/
http://www.dotnetfunda.com/articles/show/2829/migrating-infopath-2007-form-to-2013-forms
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Regards,
Rebecca Tu
TechNet Community Support -
Where to get any information (best practices, guidelines) for migration from UCCE to UCCX?
Does Cisco have any migration tools (like scripts, prompts migration) for application transfer from UCCE to UCCX?
Thanks
In addition to great tips from Gergely (+5), you will not find too many folks that went from UCCE to UCCX; it is more common to go the other route.
Other items to consider is the re-deployment of agent desktops to the PC, if you are using CTI OS today you will need to migrate to CAD, so a little different agent experience. Also, pay attention to any 3rd party integrations, ie. call recording, WFM, CTI, VXML, wall board, survey, etc, etc as some may not be compatible with UCCX.
HTH,
Chris -
Migration from MS SQL7 to Oracle 8i
Has any one successfully migrated from MS SQL7 to Oracle 8i
(basically tables & stored procedures).
Any suggestion would be greatly appreciated.
Thanks
Anish
Oracle Migration Workbench Team wrote:
: Anish,
: We have a number of customers from our SQL Server 7.0 beta
: program who have successfully migrated their databases. We will
: be making the SQL Server 7.0 version of the Workbench available
: on OTN within the next 3 weeks.
: This should be able to significantly help you with your
: migration. If you have not already used the tool I would suggest
: either downloading the 6.5 version or take a look at the Quick
: Tour which is available within the Migration Technology section
: on OTN.
: Regards,
: Marie
: =====
: Anish (guest) wrote:
: : Has any one successfully migrated from MS SQL7 to Oracle 8i
: : (basically tables & stored procedures).
: : Any suggestion would be greatly appreciated.
: : Thanks
: : Anish
: Oracle Technology Network
: http://technet.oracle.com
-
Migrating from MS-SQL Server to Oracle
Hi,
Is there any Java tool to migrate from MS-SQL Server to Oracle?
(My organization's data is already stored in an MS-SQL Server database; now we want to migrate to Oracle.
Is there any easy way to pull data from MS-SQL Server and push it into an Oracle database?)
thanks,
I think you should use third party help to resolve this problem. I used dbload to solve it when I migrated my data. It can migrate almost any data; it helps me to convert MSSQL to MySQL, MS Access to MSSQL, MySQL, CSV loader, FoxPro and MSSQL to MS Access, MySQL, CSV, FoxPro etc. I found it on Google search.
Download Free : http://www.dbload.com