AnsweredAssumed Answered

SmartMove cannot find interface assigned to ACL group during ASA conversion

Question asked by Timothy Morty on Aug 2, 2018
Latest reply on Aug 6, 2018 by Timothy Morty

Evening all

 

Hoping someone can point me in the right direction here. Bear in mind, I am not a Cisco expert but I'm working with existing ASA config that is working in production...

 

SmartMove parses the config fed to it (ASA Version 9.1(4) after converting 8.2 config via fwm.cisco.com online conversion tools). I've cleaned up all of the commands I could, i.e. Skipped commands, Unknown commands, etc)  but I'm left with 9 lines as commands with conversion error:

 

Cannot find interface assigned to ACL group

[7142] Interface details: EXAMPLE1.

and so on.

 

Each interface is named and has an IP address. Each access-group correctly references the ifname value in each interface definition.

 

access-group outside_access_in in interface EXAMPLE1

 

interface GigabitEthernet0/0.123
vlan 123
nameif EXAMPLE1
security-level 0
ip address x.x.x.x 255.255.255.240 standby x.x.x.x

 

I've reviewed the definitions on 2 separate configs and both are consistent and both fail conversion with similar messages.

 

Due to this mismatch, it's not matching access-list entries to access-groups and so can't create the layers and sub-rules.

 

I'd really like to use SmartMove to achieve the conversion, neatly and quickly, as I want to use layered policies for this migration, but at this point, I'm potentially going to have to convert 5000+ ACL entries by hand if I can't resolve this.

Outcomes