[j-nsp] Cisco ASA to Junos Convertor
Jason Lavoie
jason at oasys.net
Mon Jun 20 09:32:24 EDT 2011
On 06/20, Altaf Ahmad wrote:
> I tried I2J tool but it does not translate the ASA commands to JUNOS. I
> am having very big configuration ASA files which consist around 1000 +
> Access list entries (ACEs) by using object-group and its really very
> hard to manually translate huge number of lines in JUNOS. Is there any
> suggestion to for this issue?
We are considering a migration to SRX, and have donen a proof-of-concept
conversion in the lab. It is relatively straightforward to write some
perl to convert access lists from Cisco to Juniper if your object-groups
are consistently structured. The biggest drawback we found is that
Juniper does not support nested address-sets like Cisco does its
object-groups -- we ended up solving that with a commit script on the
Junos side.
Juniper has also offered professional services to assist in migrating
the configuration between platforms. We haven't gotten to that point in
the engagement, so I can't comment on that process.
-j
--
Jason Lavoie
Ratvarre sbe uver
jason at oasys.net
More information about the juniper-nsp
mailing list