ASA 5510 Automated Config Backup

net_nomadnet_nomad Member Posts: 15 ■□□□□□□□□□
Hi Everyone,

I would appreciate a little help with this issue, I'm more comfortable with switches and router.

I am now responsible for a few firewalls. I am looking for the equivalent of kron or archive command on switches/routers for the ASA 5510 8.0

The only thing I can find is tftp, which there is no way of automating.
I would like the config to backup automatically to a server periodically.

I currently backup all my routers and switches with scp via the archive command. is there a similar command/tool you can point me to for this ASA version.

- call home is not option, for 8.0

I would appreciate any suggestion, and upgrading to newer ASA software is not in the works for a while.


  • Mrock4Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
    I've heard of people using perl scripts for PIX backups- never tried that with the ASA. My current employer uses Kiwi CatTools though- which reaches out to the ASA to retrieve/backup the config. Works good.
  • ChipschChipsch Member Posts: 114
    I use Rancid for automated backups. Never had an issue with it backing up an ASA/Pix...and its freeicon_thumright.gif
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Rancid is the way to go if you are looking for something free and reliable.
    An expert is a man who has made all the mistakes which can be made.
  • net_nomadnet_nomad Member Posts: 15 ■□□□□□□□□□
    Thank you all for your replies.

    rancid sounds ideal, I have tried using it in the past, however my linux/unix skills are are very poor. I got stuck in the pre-req apache/mysql settings.

    Cisco Archive commands, gave me some breathing room.

    but getting diffs, and email groups for changing sounds great

    I guess this is the kick i need to get back on that horse,
  • jovan88jovan88 Member Posts: 393
    I've got this working using powershell if you want I can give you the script, very simple
  • jovan88jovan88 Member Posts: 393
    Actually I'll just hand it out now if anyone wants it.

    Basically you need to download plink.exe from the Putty download page. Save the following output as a .ps1 file and run it with powershell. I wont take the credit for this I found this script somewhere on Google.

    $ASApw = "asapassword"
    $ASAIP = ""
    $ASAUser = "asabackup"
    $ASAEnablepw = $ASApw

    #Modifies the ASA firewall
    #Starts by writing a "commands" file#
    echo en >>unicode.txt
    echo $ASAEnablepw >>unicode.txt
    echo "conf t" >>unicode.txt
    echo "no pager" >>unicode.txt
    echo "show run" >>unicode.txt
    echo "pager 24" >>unicode.txt
    echo exit >>unicode.txt
    echo exit >>unicode.txt

    #Converts the file to ASCII format (separate file)#
    $lines = gc "unicode.txt"
    $lines | out-file -encoding Ascii -filepath commands.txt

    #Using the command file and plink.exe connects and runs the commands #
    ./plink.exe -ssh -l $ASAUser -pw $ASApw $ASAIP -m commands.txt >"X:\ASA Backups\ASA.txt"

    #removes the files it created earlier#
    del unicode.txt
    del commands.txt

    -FYI the first time you do this it will prompt you to continue due to the certificate
Sign In or Register to comment.