Migration issue ASA to FTD with VXLAN

October 24, 2017May 10, 2021

Firepower

Trying a very, very large migration with thousands of ACL rules from ASA 5585 to FTD 4150 with multiple failures.
It certainly took a while, but after looking at the configuration, the following issue was found as a Cisco bug with VXLAN.

Once the VXLAN rules were updated with the 4789 port and suggested ACL, the migration was a success!

Symptom:
ASA to FTD Migration fails when access-list contains vxlan port

Conditions:
Access-list contains port vxlan:
access-list abc extended permit udp any any eq vxlan

Workaround:
Replace vxlan with port 4789 in the configuration backup
access-list abc extended permit udp any any eq 4789

Todd Lammle
www.lammle.com/firepower

GAIN ACCESS TO ALL SELF-PACED COURSES, PRACTICE EXAMS, VIDEOS, AND OTHER KNOWLEDGE-BOOSTING RESOURCES

SUBSCRIBE NOW

Leave a Reply Cancel reply

GAIN ACCESS TO ALL SELF-PACED COURSES, PRACTICE EXAMS, VIDEOS, AND OTHER KNOWLEDGE-BOOSTING RESOURCES