07-02-2007 07:14 AM - edited 03-11-2019 03:38 AM
Hi,
Would like to check if anyone has a standard backup procedure, meaning besides "sh run, sh ver", what other commands are recommended when doing a backup of the PIX configuration?
Thanks in advance,
Cindy
07-02-2007 07:22 AM
I wrote some Perl scripts I run from a Unix box that execute the 'write net' command on all my PIXes using a cron job. I'm sure most other people use some sort of commercial backup though.
To use the 'write net' command you first have to configure your TFTP server using the tftp-server command.
e.g.:
firewall(config)# tftp-server inside ?
configure mode commands/options:
Hostname or A.B.C.D The IP address or name of the TFTP server
Hostname or X:X:X:X::X The IPv6 address or name of the TFTP server
firewall(config)# tftp-server inside 192.168.1.1 ?
configure mode commands/options:
WORD < 127 char The path and filename of the configuration file
07-02-2007 11:32 PM
Hi,
Don't use 'sh run' when trying to do a backup. The preshare keys for VPNs are not displayed on the PIX. 'wr net' with a tftp server is a better option.
In our company we have several 501s and don't back up each one, just write down the parameters in a database.
Raphael
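The difference between a config pasted from 'sh run' and one written with 'wr net' can be checked on the backup server. The following is an added example, not code from any poster in this thread: it flags saved configs whose pre-shared keys are masked or whose transfer was cut off. The masking pattern (asterisks in place of the key) and the Cryptochecksum/": end" trailer are assumptions about the PIX output format, and the sample configs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return a list of problems found in one saved PIX configuration.
sub check_config {
    my ($text) = @_;
    return ('file is empty') unless defined $text && $text =~ /\S/;
    my @problems;

    # Assumption: a complete config ends with "Cryptochecksum:<hex>" then
    # ": end"; a transfer that was cut off will be missing that trailer.
    push @problems, 'missing Cryptochecksum/": end" trailer (truncated?)'
        unless $text =~ /^Cryptochecksum:\S+\s*\n: end\s*\z/m;

    # Assumption: a masked secret shows as asterisks where the key should be.
    my $n = 0;
    for my $line (split /\n/, $text) {
        $n++;
        push @problems, "line $n: pre-shared key is masked"
            if $line =~ /^\s*(?:isakmp key|pre-shared-key)\s+\*+(?!\S)/;
    }
    return @problems;
}

# Constructed samples (not real device output; key and checksum are made up).
my $trailer = "Cryptochecksum:00000000000000000000000000000000\n: end\n";
my %samples = (
    'written-by-write-net' => "hostname fw1\n"
        . "isakmp key ExampleKey123 address 192.0.2.10 netmask 255.255.255.255\n"
        . $trailer,
    'pasted-from-sh-run' => "hostname fw2\n"
        . "isakmp key ******** address 192.0.2.10 netmask 255.255.255.255\n"
        . $trailer,
    'cut-off-transfer' => "hostname fw3\naccess-list outside_in permit tcp any",
);

for my $name (sort keys %samples) {
    my @problems = check_config($samples{$name});
    print "${name}: ", (@problems ? join('; ', @problems) : 'OK'), "\n";
}
```

A file that passes this check contains the real pre-shared keys, so the TFTP directory and any archive copies need restrictive permissions.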
07-03-2007 07:07 AM
The write net command, or using CiscoWorks if you have one implemented within your organisation to do your config backup periodically, is the best solution to this. It is BAD PRACTICE not to back up your system config and writing down parameters. You should adopt BEST PRACTICES in all you do.
07-03-2007 09:35 AM
I back up the config of all our PIXes by uploading the files via TFTP. I save the configs regularly. We also back up each config before and after a new change.
07-03-2007 09:51 AM
Here is my script. It first reads all my PIX IPs from a file, then uses those as input to run through the script for each one. If you don't know Perl (or any other language) this might not make sense. I use a second script to tar up all of my IOS and PIX configs, where they are then transferred to yet another server for long-term tape backup.
#!/usr/bin/perl -w
#Written by SRUE
#this script backs up all cisco pix devices via tftp
use Net::Telnet::Cisco;
# credentials used to log in to and enable on every PIX
$passwd = 'password';
$enable_passwd = 'password';
# host list: one PIX hostname or IP address per line
open (HOSTS, "/usr/local/apache2/htdocs/db/pixhosts.db") or die "cannot open host list: $!";
@hosts = <HOSTS>;
chomp (@hosts);
foreach $pix (@hosts)
{
# open a telnet session to this PIX and enter enable mode
my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);
$session->prompt('/[\$%#>] $/');
$session->login('username', $passwd);
$session->enable($enable_passwd);
# save to flash, then write the config to the server set with tftp-server
$session->cmd("write mem\nwrite net\n");
}
close (HOSTS);
------------------
There's more to it than all this. I also wrote a web page where I can add/delete new IOS or PIX devices. I use Perl/CGI to add those entries to their respective files where Perl reads them and backs them all up.
(btw, I really don't know much Perl, just the bare minimum imo.)