Script pyhton to migrate ipsec ikev1/ikev2 configuration from Cisco IOS Router to Cisco ASA firewall.
1/ipsec-collect.py
This script allows you to collect ipsec ikev1/ikev2 configurations from Cisco Router (IOS) Prerequisites
Cisco router ios (tested on ios 15.4)
Python 3.x
Instructions
Clone this repository to your workstation.
Copy the output of the command: more system:running-config to the config.txt file in /input folder.
Run the ipsecollect.py script. this programme will generate two output files in /output folder: config_VPN.csv and config_ike.csv.
- config_VPN.csv: contains vpn configuration extracted from the running-config such as: peer ip, secondary peer, psk, phase 2 proposal, encryption domain..
- config_ike.csv: contains all isakmp/phase1 policy with no redundance if policy already collected
2/ipsecgen.py
This script allows you to generated ipsec ikev1/ikev2 configurations for Cisco ASA from two files generated by the first script ipsecollect.py Prerequisites
Cisco ASA 8.4 (or newer tested in ASA 9.4)
Python 3.x
Instructions
Check that csv files generated by the first script already exists in /output directory, or you can fill out the config_VPN.csv and config_ike.csv files with your vpn information.
Run the ipsecgen.py script which generates the vpn configuration in the output/ASA_config.txt file.