Tool to assist with pushing out mass (50ish) configuration changes to Cisco ASAvs
Hey Techexams!
Help me out with some suggestions. My company hosts a cloud environment for our cloud customers. Each customer is assigned an ASAv virtual machine within ESXi for them to connect via site-to-site VPN and access their virtual servers behind said ASAv. There are over 50 virtual ASA firewalls in our environment. Each ASAv has an extremely similar configuration, minus IP addresses, VPN specifics, etc.
My question to you: what tool or application will allow me to push a basic configuration template out to all of these ASAv firewalls in a somewhat automated process? For example, say that we now want to inspect some protocol on all of the ASAv appliances. What can I use to push out this simple command to these appliances without having to log into each one manually and do it?
Any ideas at all are welcome, and I appreciate you taking the time to read.
Comments
-
networker050184 Mod Posts: 11,962
You could do something simple like an expect script to log in and push commands. That's what I usually do for something quick and easy for mass commands. If you want to get fancier you can look into your favorite programming language and possibly use the vASA API. I've been working on a lot of tools like this lately around Junos and NX-OS.
On the other hand there are plenty of commercial and open source products that do things like this as well. Rancid has its own clogin for example. If you have a current inventory/monitoring system it might have a module like this already.
An expert is a man who has made all the mistakes which can be made.
-
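As an added example (not part of the thread or any poster's code), here is the planning step that would sit in front of whatever transport is used (expect, SSH, or the API): it reads each ASAv's saved running-config and emits commands only for devices missing the inspection. The hostnames and config excerpts are constructed, and the `global_policy` / `inspection_default` names are assumed to be the ASA defaults.

```python
POLICY_MAP = "global_policy"      # assumed: ASA default policy-map name
CLASS_MAP = "inspection_default"  # assumed: ASA default class name

# Constructed running-config excerpts, keyed by hypothetical hostname.
SAMPLE_CONFIGS = {
    "asav-cust01": "policy-map global_policy\n class inspection_default\n"
                   "  inspect dns preset_dns_map\n  inspect ftp\n!\n",
    "asav-cust02": "policy-map global_policy\n class inspection_default\n"
                   "  inspect ftp\n  inspect icmp\n!\n",
    "asav-cust03": "hostname asav-cust03\n!\n",  # no global_policy present
}


def current_inspections(config):
    """Return the set of inspected protocols, or None if the class is absent."""
    in_policy = in_class = False
    found = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level line ends any block
            in_policy = line == f"policy-map {POLICY_MAP}"
            in_class = False
        elif in_policy and not raw.startswith("  "):  # one-space indent: class
            in_class = line == f"class {CLASS_MAP}"
            if in_class:
                found = set()
        elif in_class and line.startswith("inspect "):
            found.add(line.split()[1])
    return found


def plan_change(configs, protocol):
    """Map host -> commands to push; [] if compliant, None if it needs review."""
    plan = {}
    for host, config in configs.items():
        have = current_inspections(config)
        if have is None:
            plan[host] = None    # non-standard config: do not push blindly
        elif protocol in have:
            plan[host] = []      # already inspecting: nothing to send
        else:
            plan[host] = [f"policy-map {POLICY_MAP}", f"class {CLASS_MAP}",
                          f"inspect {protocol}"]
    return plan


if __name__ == "__main__":
    for host, commands in plan_change(SAMPLE_CONFIGS, "icmp").items():
        print(host, commands)
```

Devices that come back as `None` differ from the template and are best changed by hand rather than included in the mass push.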
JoeBirds Member Posts: 49
Thanks for the reply. I've heard Kiwi CatTools come up in a few other forums. Have you used this tool?
-
networker050184 Mod Posts: 11,962
I have not used that. Personally I prefer to build my own command line tools.
An expert is a man who has made all the mistakes which can be made.
-
Simrid Member Posts: 327
We have used CatTools for our backups, however I am not sure how well it works with pushing our multiple configs.
I know the option is there though. Backups work great.
Network Engineer | London, UK | Currently working on: CCIE Routing & Switching
sriddle.co.uk
uk.linkedin.com/in/simonriddle
-
JoeBirds Member Posts: 49
> We have used CatTools for our backups, however I am not sure how well it works with pushing our multiple configs.
> I know the option is there though. Backups work great.
Thanks for your input!