Tool to assist with pushing out mass (50ish) configuration changes to Cisco ASAv's

JoeBirds

Hey Techexams!

Help me out with some suggestions. My company hosts a cloud environment for our cloud customers. Each customer is assigned an ASAv virtual machine within ESXI for them to connect via site-to-site VPN and access their virtual servers behind said ASAv. There are over 50 virtual ASA firewalls in our environment. Each ASAv has an extremely similar configuration, minus IP addresses, VPN specifics, etc.


My question to you - What tool or application will allow me to push a basic configuration template out to all of these ASAv firewalls in a somewhat automated process? For example. Say that we now want to inspect some protocol on all of the ASAv appliances. What can I use to push out this simple command to these appliances without having to log into each one manually and do it.


Any ideas at all are welcome, and I appreciate you taking the time to read.

networker050184

You could do something simple like an expect script to login and push commands. That's what I usually do for something quick and easy for mass commands. If you want to get fancier you can look into your favorite programming language and possibly use the vASA API. I've been working on a lot of tools like this lately around Junos and NX-OS.

On the other hand there are plenty of commercial and open source products that do things like this as well. Rancid has it's own clogin for example. If you have a current inventory/monitoring system it might have a module like this already.