ASA 5510 Automated Config Backup
net_nomad
Member Posts: 15 ■□□□□□□□□□
Hi Everyone,
I would appreciate a little help with this issue, I'm more comfortable with switches and router.
I am now responsible for a few firewalls. I am looking for the equivalent of kron or archive command on switches/routers for the ASA 5510 8.0
The only thing I can find is tftp, which there is no way of automating.
I would like the config to backup automatically to a server periodically.
I currently backup all my routers and switches with scp via the archive command. is there a similar command/tool you can point me to for this ASA version.
- call home is not option, for 8.0
I would appreciate any suggestion, and upgrading to newer ASA software is not in the works for a while.
I would appreciate a little help with this issue, I'm more comfortable with switches and router.
I am now responsible for a few firewalls. I am looking for the equivalent of kron or archive command on switches/routers for the ASA 5510 8.0
The only thing I can find is tftp, which there is no way of automating.
I would like the config to backup automatically to a server periodically.
I currently backup all my routers and switches with scp via the archive command. is there a similar command/tool you can point me to for this ASA version.
- call home is not option, for 8.0
I would appreciate any suggestion, and upgrading to newer ASA software is not in the works for a while.
Comments
-
Mrock4
Banned Posts: 2,359 ■■■■■■■■□□
I've heard of people using perl scripts for PIX backups- never tried that with the ASA. My current employer uses Kiwi CatTools though- which reaches out to the ASA to retrieve/backup the config. Works good. -
Chipsch
Member Posts: 114
I use Rancid for automated backups. Never had an issue with it backing up an ASA/Pix...and its free
-
networker050184
Mod Posts: 11,962 Mod
Rancid is the way to go if you are looking for something free and reliable.An expert is a man who has made all the mistakes which can be made. -
net_nomad
Member Posts: 15 ■□□□□□□□□□
Thank you all for your replies.
rancid sounds ideal, I have tried using it in the past, however my linux/unix skills are are very poor. I got stuck in the pre-req apache/mysql settings.
Cisco Archive commands, gave me some breathing room.
but getting diffs, and email groups for changing sounds great
I guess this is the kick i need to get back on that horse, -
jovan88
Member Posts: 393
I've got this working using powershell if you want I can give you the script, very simple -
jovan88
Member Posts: 393
Actually I'll just hand it out now if anyone wants it.
Basically you need to download plink.exe from the Putty download page. Save the following output as a .ps1 file and run it with powershell. I wont take the credit for this I found this script somewhere on Google.
$ASApw = "asapassword"
$ASAIP = "192.168.1.254"
$ASAUser = "asabackup"
$ASAEnablepw = $ASApw
#Modifies the ASA firewall
#Starts by writing a "commands" file#
echo en >>unicode.txt
echo $ASAEnablepw >>unicode.txt
echo "conf t" >>unicode.txt
echo "no pager" >>unicode.txt
echo "show run" >>unicode.txt
echo "pager 24" >>unicode.txt
echo exit >>unicode.txt
echo exit >>unicode.txt
#Converts the file to ASCII format (separate file)#
$lines = gc "unicode.txt"
$lines | out-file -encoding Ascii -filepath commands.txt
#Using the command file and plink.exe connects and runs the commands #
./plink.exe -ssh -l $ASAUser -pw $ASApw $ASAIP -m commands.txt >"X:\ASA Backups\ASA.txt"
#removes the files it created earlier#
del unicode.txt
del commands.txt
-FYI the first time you do this it will prompt you to continue due to the certificate
