Migration issue ASA to FTD with VXLAN

I was attempting a very large migration, with thousands of ACL rules, from an ASA 5585 to an FTD 4150, and it failed repeatedly.
It certainly took a while, but after going through the configuration the cause turned out to be a known Cisco bug involving VXLAN, described below.

Once the VXLAN rules were updated to use port 4789, as in the suggested ACL below, the migration was a success!

Symptom:
ASA to FTD migration fails when an access-list contains the vxlan port keyword.

Conditions:
The access-list contains the named port vxlan, for example:
access-list abc extended permit udp any any eq vxlan

Workaround:
Replace vxlan with the port number 4789 in the configuration backup before running the migration:
access-list abc extended permit udp any any eq 4789
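A blind search-and-replace of "vxlan" in a large backup would also hit interface names, object-group names, remarks and the nve configuration, so the edit should touch only the ACE port keyword. The script below is an added example, not from this post or from Cisco's migration tool; it assumes the backup is the plain-text ASA configuration and that the named port appears only after an ACL port operator (eq, neq, gt, lt, range).

```python
from typing import List, Tuple

# ASA port operators that take a port value (two values for "range").
PORT_OPS = ("eq", "neq", "gt", "lt", "range")

def rewrite_ace(line: str) -> Tuple[str, bool]:
    """Return (line, changed). Only access-list entries are rewritten; remark
    lines, nameif/object names and nve config keep the word "vxlan"."""
    if not line.startswith("access-list ") or " remark " in line:
        return line, False
    tokens = line.split()
    changed = False
    for i, tok in enumerate(tokens):
        if tok != "vxlan":
            continue
        prev = tokens[i - 1] if i >= 1 else ""
        prev2 = tokens[i - 2] if i >= 2 else ""
        # covers "eq vxlan", "range vxlan 4800" and "range 4000 vxlan"
        if prev in PORT_OPS or prev2 == "range":
            tokens[i] = "4789"
            changed = True
    return (" ".join(tokens), True) if changed else (line, False)

def rewrite_config(config: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Rewrite every line and return a (before, after) change log so the
    edit can be reviewed before the migration is retried."""
    out, changes = [], []
    for line in config.splitlines():
        new, changed = rewrite_ace(line)
        out.append(new)
        if changed:
            changes.append((line, new))
    return "\n".join(out) + "\n", changes

# Constructed sample backup (not from the post) mixing ACEs with the other
# places where "vxlan" legitimately appears in an ASA config.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif vxlan-underlay
access-list abc remark Allow VXLAN overlay from the peer VTEPs
access-list abc extended permit udp object-group vxlan-peers any eq vxlan
access-list abc extended permit udp any range vxlan 4800 any eq vxlan
access-list abc extended permit tcp any any eq https
nve 1
 encapsulation vxlan
"""

if __name__ == "__main__":
    for before, after in rewrite_config(SAMPLE_CONFIG)[1]:
        print(f"- {before}\n+ {after}")
```

Only access-list lines are handled; if a service object-group in the backup carries a `port-object eq vxlan` line, it would need the same treatment.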

Todd Lammle
www.lammle.com/firepower
