
Question about archived configs

dionjiles
Level 1

We had a PIX Firewall device go down and we are trying to find out where the configs get archived. Is there any way to pull down the configs in clear text so we can pull down the encryption keys from the devices?

4 Accepted Solutions


If the shadow config shows asterisks for the isakmp key, then that is how the PIX provided it when a show run was issued. That means there will be no place in LMS where that key would be visible in clear text.


Pushing the config back would likely set the isakmp key to ****** which would be useless. Sounds like you'll need to look elsewhere for that key. This is akin to the problem we face with SNMPv3 users :-(.


This method is hardcoded, and cannot be changed without recompiling parts of the PIX device package.


A feature request by TAC doesn't hold much weight. A feature request made by the sales organization which can back things up with dollar figures means a whole lot more. Typically, TAC encourages customers to talk to their account team, SE, account manager, etc. to open a PERS ticket requesting a new or enhanced feature.


21 Replies

Martin Ermel
VIP Alumni

The latest collected running config will be stored in the 'shadow' directory if this option is not disabled (Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Archive Settings).

For LMS 3.0 the default shadow directory is

/var/adm/CSCOpx/files/rme/dcma/shadow (Solaris)

NMSROOT\files\rme\dcma\shadow (Windows)

where NMSROOT is the installation directory of LMS (default: C:\Program Files\CSCOpx).

For LMS 2.6 it is

/var/adm/CSCOpx/files/rme/archive/shadow

NMSROOT\files\rme\archive\shadow

Thanks... still trying to figure out why all my isakmp keys are showing *******. I'm trying to retrieve those passwords to get my PIX up and running. Any ideas?

This info is very helpful.

The shadow directory, as mermel pointed out, is where you want to look. All the configs in those directories are in clear text. They are exactly as the device provides them. If there is one place where the passwords should show up in clear text, that is it. You can push shadow configs back to devices as-is (e.g. for disaster recovery).

Got you, that would seem logical, as I can see some passwords and not the others. Once again, thanks for helping me out.

So would it be logical to push that config back to the particular device affected with the *****? Would I still need to type those manually or leave it as is?

Pushing the config back would likely set the isakmp key to ****** which would be useless. Sounds like you'll need to look elsewhere for that key. This is akin to the problem we face with SNMPv3 users :-(.

If the shadow config shows asterisks for the isakmp key, then that is how the PIX provided it when a show run was issued. That means there will be no place in LMS where that key would be visible in clear text.

Awesome... thanks for your help. Good information to pass along to my engineers.

One other thing: my engineers want to know how exactly CiscoWorks pulls the configuration off the devices.

Depends on the device. For PIX, we telnet/SSH in, and run show running (running-config) and show config (startup-config).

Can we change the way we pull the files on the PIX Firewalls? My engineer believes this is why we are only seeing asterisks.

This method is hardcoded, and cannot be changed without recompiling parts of the PIX device package.

Thanks.....You are a great source of information

One last question and I'm done....my engineer just asked me this question and I'm not sure how to answer.

So CiscoWorks does not have the ability to log into the box via SSH and tftp the configuration vs. doing a show startup-configuration and pasting it into a text file on the CiscoWorks server?
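An added example, not part of the thread and not Cisco's code: a small audit that walks an archive directory such as the shadow directory named above and reports which configs hold only an asterisk-masked pre-shared key, so those keys can be stored somewhere recoverable before a device fails. The key-line syntax, the file name and the sample config are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed "show run" syntax: PIX 6.x "isakmp key <key> address <peer> ..."
# and 7.x "pre-shared-key <key>" under a tunnel-group.
SECRET_LINE = re.compile(
    r"^\s*(?:isakmp key (?P<k1>\S+) address (?P<peer>\S+)"
    r"|pre-shared-key (?P<k2>\S+))",
    re.MULTILINE,
)
MASKED = re.compile(r"^\*+$")  # the device replaced the value with asterisks


def audit_config(text):
    """Return (peer, masked) for every pre-shared-key line in one config."""
    findings = []
    for m in SECRET_LINE.finditer(text):
        key = m.group("k1") or m.group("k2")
        peer = m.group("peer") or "(tunnel-group)"
        findings.append((peer, bool(MASKED.match(key))))
    return findings


def audit_shadow_dir(root):
    """Map each archived config under root to the peers whose key is masked."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            found = audit_config(path.read_text(errors="replace"))
            masked = [peer for peer, is_masked in found if is_masked]
            if masked:
                report[path.name] = masked
    return report


# Constructed sample config, not taken from the thread.
SAMPLE = """\
hostname pix-lab
enable password 0123456789abcdef encrypted
isakmp key ******** address 192.0.2.10 netmask 255.255.255.255
isakmp key ******** address 192.0.2.20 netmask 255.255.255.255
isakmp enable outside
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as shadow:  # stand-in for the shadow dir
        Path(shadow, "pix-lab.cfg").write_text(SAMPLE)
        for name, peers in audit_shadow_dir(shadow).items():
            print(f"{name}: key masked for {', '.join(peers)}; store it elsewhere")
```

Any peer it lists has no recoverable key in the archive, which matches what the replies above say about the asterisks.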
