SRX Services Gateway
SRX Services Gateway

PIX/ASA to Junos converter

11.13.11   |  
‎11-13-2011 02:14 AM


Attached is a PIX/ASA to SRX/Junos converter.


It's written in Perl and has a few instructions
included. I hope someone finds it useful.

...David

 

Attachments

24 REPLIES
SRX Services Gateway

Re: PIX/ASA to Junos converter

11.17.11   |  
‎11-17-2011 03:13 AM

Minor version update - bug fixed in a core routine when newer versions of NetAddr::IP were used.

Seems to work with older versions still, though.

 

...David

 

Attachments

SRX Services Gateway

Re: PIX/ASA to Junos converter

06.26.12   |  
‎06-26-2012 03:00 PM

David -

 

WoW! - What an awesome tool. I was doing some testing it ran an old pix 6.x config file and within seconds it converted all the objects and rules. I'm so physced to work more with this tool.

 

I do need some help though. I ran a different PIX (version 8.03) config file and it errors out quickly with the below error. Any ideas?

 

admin@ubuntu:~/hms$ perl px2sx.pl hmspix

Starting conversion to Junos...


Zones & Routes...
Can't call method "network" on an undefined value at px2sx.pl line 83.

 

Line 83 on the PIX config is simply a named object. Are there version limitations with the tool?

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.02.12   |  
‎07-02-2012 09:25 PM

This sounds awesome but I am having a hell of a time getting it to work on WIndows :/

 

I have no knowledge of using Perl, but I grabbed a copy of ActivePerl community edition 5.14 and tried it out, it errored asking for NetAddr IP module. This is where I get lost Smiley Sad Is there any simple instructions on doing this?

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.02.12   |  
‎07-02-2012 10:05 PM

As with most of my experiences with code and unix installs you fix one tihng only to find another dependancy. I somehow managed to get IP.pm but now more issues:

 

C:\temp\perl px2sx.pl asa.txt
Can't locate auto/NetAddr/IP/Util/autosplit.ix in @INC (@INC contains: C:/Perl64
/site/lib C:/Perl64/lib .) at C:/Perl64/lib/AutoLoader.pm line 173.
 at C:/Perl64/lib/NetAddr/IP/Util.pm line 9
Can't locate NetAddr/IP/UtilPP.pm in @INC (@INC contains: C:/Perl64/site/lib C:/
Perl64/lib .) at C:/Perl64/lib/NetAddr/IP/Util.pm line 105.
Compilation failed in require at C:/Perl64/lib/NetAddr/IP/Lite.pm line 9.
BEGIN failed--compilation aborted at C:/Perl64/lib/NetAddr/IP/Lite.pm line 28.
Compilation failed in require at C:/Perl64/lib/NetAddr/IP.pm line 7.
BEGIN failed--compilation aborted at C:/Perl64/lib/NetAddr/IP.pm line 7.
Compilation failed in require at px2sx.pl line 16.
BEGIN failed--compilation aborted at px2sx.pl line 16.

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.09.12   |  
‎07-09-2012 11:35 PM

Yes - currently it doesn't handle version 8 NATs. But I've sorted out most of the other bugs, so it's probably time to upload a newer version.

 

 

...David

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.09.12   |  
‎07-09-2012 11:42 PM

It's not hard - run up the Perl Package Manager (comes with ActivePerl) and mark the NetAddr-IP package for install.

You might have to change the view to 'All Packages' first, and it does take a while to start up so patience is needed.

5.14 should be OK - it uses the 'given - when' syntax so anything from 5.10 onwards should be OK.

 

 

...David

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.10.12   |  
‎07-10-2012 06:48 PM

 

Newer version. Some support for v8 config files now.

Various bugs fixed & features added.

 

 

...David

 

Attachments

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.13.12   |  
‎07-13-2012 09:13 AM

hello my name is David Shariel mexico city, I need help converting a file from a Cisco Asa a Juniper SRX240.
They could help

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.16.12   |  
‎07-16-2012 07:06 PM

Thanks David that new version worked perfectly!

 

I figured out my issue earlier with perl also - I was trying to get it to install on a machine that did not have direct Internet access. You'd never figure how hard it is to install modules for perl without Internet access Smiley Sad In the end I just grabbed a laptop and used my celluar mobile access and installed it that way - easy as can be Smiley Happy

SRX Services Gateway

Re: PIX/ASA to Junos converter

07.18.12   |  
‎07-18-2012 12:06 PM

Very nice script!!! When I run it I get the address books, zones, destination/static NAT, and routes, but an error on 506:

 

Can't call method "within" on an undefined value at px2sx.pl line 506.

 

 

Thanks,

 

Nick

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

[ Edited ]
07.18.12   |  
‎07-18-2012 12:48 PM

I receive a similar but slightly different error...

Can't locate object method "within" via package "some object group in my pix config" (perhaps you forgot to load "some object group in my pix config"?) at px2sx.pl line 506.

 

Any help would be apreciated.

 

Ben

SRX Services Gateway

Re: PIX/ASA to Junos converter

08.09.12   |  
‎08-09-2012 04:18 PM

 

Line 506 is in a core function which works out which zone a given object is in.


It's called not only directly from the main loops, but also from within another function.

 

I'd need to see the (sanitised) config file that it fails on in order to sort it out.

 

From what you describe it could be an object, network-object or access-list line.

 

It's not been extensively tested on version 8 configs - I don't have a lot of examples.

 

 

...David

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

08.09.12   |  
‎08-09-2012 04:30 PM

Hi David, I have a config that generates some minor errros to do with those DM_INLINE style group objects if you're interested in tweaking that.

SRX Services Gateway

Re: PIX/ASA to Junos converter

08.09.12   |  
‎08-09-2012 04:30 PM

Thinking about this... it implies that the zones file hasn't been built properly.

 

In which case all I'd need to see would the the zones.txt output file,

and maybe the static routes & interfaces sections from the config file.

 

 

...David

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

08.23.12   |  
‎08-23-2012 03:35 PM

David, 

 

can you help with converting ASA config to SRX ? it is kind of last minute urgent thing, can i send you a copy of the ASA configuration ? 

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

01.08.13   |  
‎01-08-2013 01:29 PM

This is most excellent and saved me a lot of manual work. Thank you!

 

SRX Services Gateway

Re: PIX/ASA to Junos converter

04.29.13   |  
‎04-29-2013 01:29 AM

Dear David,

 

I need to convert my cisco asa configuration to junos, but i am unable to use the conversion tool.

 

I downloaded your tool and it's in winrar & when i extracted it i am unable to use px2sx file.

 

Suggest me as i am new to this

 

Steps would be great.

 

Thanks in advance :-)

SRX Services Gateway

Re: PIX/ASA to Junos converter

05.01.13   |  
‎05-01-2013 02:03 AM

The tool is a PERL script. To use it you need to have it on a machine that has perl installed on it.

 

Here is a small howto to get perl installed under Windows.

http://learn.perl.org/installing/windows.html

 

 

you also need some perl "plugins" which you can install by using cpan (part of perl)

 

cpan Getopt:Smiley Frustratedtd

cpan Scalar::Util

cpan NetAddr::IP

 

 

After this you can run "perl px2sx.pl"  in the path you have axctracted the px2sx.pl tool

 

 

 

 

 

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
SRX Services Gateway

Re: PIX/ASA to Junos converter

06.14.13   |  
‎06-14-2013 12:43 PM

Thx a lot save my lots of time .....  :-)


DavidH wrote:


Attached is a PIX/ASA to SRX/Junos converter.


It's written in Perl and has a few instructions
included. I hope someone finds it useful.

...David