+ Reply to Thread
Results 1 to 7 of 7
  1. Junior Member
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    14

    Certifications
    CCNA (expired), B.E (Electrical Eng), M.S (Comp. Eng.)
    #1

    Default ASA 5510 Automated Config Backup

    Hi Everyone,

    I would appreciate a little help with this issue, I'm more comfortable with switches and router.

    I am now responsible for a few firewalls. I am looking for the equivalent of kron or archive command on switches/routers for the ASA 5510 8.0

    The only thing I can find is tftp, which there is no way of automating.
    I would like the config to backup automatically to a server periodically.

    I currently backup all my routers and switches with scp via the archive command. is there a similar command/tool you can point me to for this ASA version.

    - call home is not option, for 8.0

    I would appreciate any suggestion, and upgrading to newer ASA software is not in the works for a while.
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Console champ of TE Mrock4's Avatar
    Join Date
    Nov 2004
    Posts
    2,327

    Certifications
    CCDA, CCNA, CCNP, CCIE R&S, Security+, CISSP, SCP #2235, CCNA: DC
    #2
    I've heard of people using perl scripts for PIX backups- never tried that with the ASA. My current employer uses Kiwi CatTools though- which reaches out to the ASA to retrieve/backup the config. Works good.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Nov 2009
    Location
    South Carolina
    Posts
    114

    Certifications
    Network +, Security +, CCNA, CCNP, CCIE Written R/S
    #3
    I use Rancid for automated backups. Never had an issue with it backing up an ASA/Pix...and its free
    Reply With Quote Quote  

  5. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    9,928

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP
    #4
    Rancid is the way to go if you are looking for something free and reliable.
    An expert is a man who has made all the mistakes which can be made.
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    14

    Certifications
    CCNA (expired), B.E (Electrical Eng), M.S (Comp. Eng.)
    #5

    Default Than you

    Thank you all for your replies.

    rancid sounds ideal, I have tried using it in the past, however my linux/unix skills are are very poor. I got stuck in the pre-req apache/mysql settings.


    Cisco Archive commands, gave me some breathing room.

    but getting diffs, and email groups for changing sounds great

    I guess this is the kick i need to get back on that horse,
    Reply With Quote Quote  

  7. Senior Member jovan88's Avatar
    Join Date
    May 2008
    Location
    Sydney, Australia
    Posts
    387

    Certifications
    CCNP CCIP CCNA:S CCNA:V
    #6
    I've got this working using powershell if you want I can give you the script, very simple
    Reply With Quote Quote  

  8. Senior Member jovan88's Avatar
    Join Date
    May 2008
    Location
    Sydney, Australia
    Posts
    387

    Certifications
    CCNP CCIP CCNA:S CCNA:V
    #7
    Actually I'll just hand it out now if anyone wants it.

    Basically you need to download plink.exe from the Putty download page. Save the following output as a .ps1 file and run it with powershell. I wont take the credit for this I found this script somewhere on Google.

    $ASApw = "asapassword"
    $ASAIP = "192.168.1.254"
    $ASAUser = "asabackup"
    $ASAEnablepw = $ASApw

    #Modifies the ASA firewall
    #Starts by writing a "commands" file#
    echo en >>unicode.txt
    echo $ASAEnablepw >>unicode.txt
    echo "conf t" >>unicode.txt
    echo "no pager" >>unicode.txt
    echo "show run" >>unicode.txt
    echo "pager 24" >>unicode.txt
    echo exit >>unicode.txt
    echo exit >>unicode.txt

    #Converts the file to ASCII format (separate file)#
    $lines = gc "unicode.txt"
    $lines | out-file -encoding Ascii -filepath commands.txt

    #Using the command file and plink.exe connects and runs the commands #
    ./plink.exe -ssh -l $ASAUser -pw $ASApw $ASAIP -m commands.txt >"X:\ASA Backups\ASA.txt"

    #removes the files it created earlier#
    del unicode.txt
    del commands.txt


    -FYI the first time you do this it will prompt you to continue due to the certificate
    Last edited by jovan88; 10-16-2012 at 05:16 AM.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks