06-09-2008 08:38 AM - edited 02-21-2020 02:03 AM
I would like to replace tftp with scp. Since you cannot do a "copy run scp" on the ASA, I'd like to scp the ASA's system:running-config to my server I store backups on. The ASA also does not recognize the (/) character so I cannot "scp user@asa:system/running-config" and "scp user@asa:system:running-config" causes problems for scp.
How are others securely (i.e. not TFTP) backing up their configurations?
Can use expect, but rather keep it simple as possible.
Thanks,
06-09-2008 09:01 AM
Use RANCID for backing your configuration.
RANCID can use ssh so it is very secure.
06-09-2008 09:26 AM
Thank you for your reply.
I have looked at RANCID but haven't gotten buy off yet to install/use it.
I was hoping to find an easy solution in the interim.
06-09-2008 06:16 PM
The ASA has built-in commands to do this, but still uses TFTP. Maybe you can encrypt the TFTP traffic generated on the box (Just an idea, never tried it).
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1063700
Also there is a better formatted script here:
http://6200networks.com/2008/02/06/using-a-script-to-back-up-asa-configuration/
Regards
Farrukh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide