ACE: any configuration backup solution?

Unanswered Question
Jul 21st, 2008
User Badges:

Hello,


for the ACE module I did not find an easy way to create a backup for the whole configuration (running configuration and crypto material of all the contexts). Any ideas? I only found a perl backup script for Cisco ASA which I could modify:


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1063700


Regards, Olaf


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (5 ratings)
Loading.
ciscocsoc Mon, 07/21/2008 - 08:10
User Badges:
  • Silver, 250 points or more

Hi Olaf,


I use an Expect script to backup Admin and each context. I have attached a sample script for comparison with the reference you give.


You should be able to enter commands to export the certificates/keys but only if you have enabled the exportable option.


Hope this helps


Cathy



Attachment: 
r.sharafi Tue, 09/09/2008 - 06:56
User Badges:

Hi Cathy,


I tried to download the attachment but it did not work. Can you please upload it again.


Many Thanks,


Ramin


ciscocsoc Tue, 09/16/2008 - 02:33
User Badges:
  • Silver, 250 points or more

Hi Ramin,


Apologies for the delay - I was on leave. The download works for me - but here it is again - inline this time.


set date [exec C:\\Mywork\\UnxUtils\\date.exe "+%y%m%d"]

set configout [open C:\\ACE\\Configs\\ACE1-Test-$date.txt a]


set ip "192.168.10.91"


spawn telnet $ip

expect "login:"


sleep 1

send -- "adminTest\r"

expect "Password:"


sleep 1

send -- "whatever\r"

expect -- "Test#"


sleep 1

send -- "term len 0\r"

expect -- "Test#"


sleep 1

send -- "sh runn\r"

expect -- "Test#"


set s [split $expect_out(buffer) \n]


foreach nline $s {

if {[string first "sh runn" $nline] == 1} continue

if {[string first "Generating" $nline] == 0} continue

if {[string first "Test#" $nline] == 0} continue

if {[string first "ace1/Test#" $nline] == 0} continue

regsub -all "\r" $nline "" nline2

puts $configout "$nline2"

}


close $configout


sleep 1

send -- "term len 22\n"

expect -- "Test#"


sleep 1

send -- "exit\r"


expect -- "foreign"

expect eof




HTH


Cathy

r.sharafi Tue, 09/16/2008 - 03:42
User Badges:

Hi Cathy,


Many thanks. Since I do not know much about programming I will try to get some help understanding and using the script.


I was asking myself if it is not somehow possible to access the directory where all context configurations are stored and just copy them to a FTP server.

Being able to save configuration checkpoints would also be great.


Regards,

Ramin

Roble Mumin Tue, 09/16/2008 - 04:30
User Badges:
  • Bronze, 100 points or more

We are using DeviceExpert from ManageEngine to backup all our Equipment.

That is a really cool tool which lets you schedule backups, show difference to previous configs and at the same make sure all devices are configured based on your policies.


The only thing missing so far is dedicated ACE template. I already did a feature request for the template. Hopefully it will be released with the next build.


They have a demo version on the web and you can install a version to check the tool with two clients.


If you are lazy this tool will give you lots of joy. :)


http://manageengine.adventnet.com/products/device-expert/index.html


Roble

chharris41 Thu, 10/30/2008 - 16:16
User Badges:

I have LMS 3.1 as well but I can't seem to get RME to fetch the config from my ACE 4710. Any hints on how you did yours would be appreciated.


Thanks ;-)

r.sharafi Tue, 09/23/2008 - 14:09
User Badges:

Hi Roble,


Many thanks for your valuable input. I will get the demo version and check it out.


Regards,


Ramin

olgellert Wed, 09/24/2008 - 01:02
User Badges:

Well, after having a look at Cathy's script and after searching a bit around I decided to write my own script (attached here). On the way I found some alternatives, you might have a look at "rancid":


http://www.shrubbery.net/rancid/


or have a look into this forum thread:


http://www.sadikhov.com/forum/index.php?showtopic=125600


As we already have something in place to backup our routers and only have two ACE modules, I wanted a small solution, so I used "expect" and wrote a script that does the following:


- log into each of a list of ACE modules

- for each defined context on the module do:

1. log into the context

2. use the "show" commands to show the running configuration and save that to a file.

3. list all of the crypto files and save them into a directory.


I attached the script here (you must replace the hostnames of the ACE modules, the password and the path where the files are saved).


Thanks Cathy for your intial help, nice forum here. :-)


Olaf




Attachment: 
Collin Clark Fri, 10/31/2008 - 09:00
User Badges:
  • Purple, 4500 points or more

FYI-


We user Solarwinds NCM and it works like a charm archiving ACE configs.

Akhtar Samo Mon, 01/09/2012 - 05:23
User Badges:

Can you share the configuration backup scripts used in Solarwinds NCM for ACE20 ?

achrich Thu, 01/19/2012 - 05:57
User Badges:

We use NCM also...BUT no easy to way to backup each context in one go. I have to create a node for each context and modify a template to "changeto" for  each context - built from the ASA standard template. Probably easier ways but I can share if required.

Actions

This Discussion