07-21-2008 07:37 AM
Hello,
for the ACE module I did not find an easy way to create a backup for the whole configuration (running configuration and crypto material of all the contexts). Any ideas? I only found a perl backup script for Cisco ASA which I could modify:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1063700
Regards, Olaf
07-21-2008 08:10 AM
09-09-2008 06:56 AM
Hi Cathy,
I tried to download the attachment but it did not work. Can you please upload it again.
Many Thanks,
Ramin
09-16-2008 02:33 AM
Hi Ramin,
Apologies for the delay - I was on leave. The download works for me - but here it is again - inline this time.
set date [exec C:\\Mywork\\UnxUtils\\date.exe "+%y%m%d"]
set configout [open C:\\ACE\\Configs\\ACE1-Test-$date.txt a]
set ip "192.168.10.91"
spawn telnet $ip
expect "login:"
sleep 1
send -- "adminTest\r"
expect "Password:"
sleep 1
send -- "whatever\r"
expect -- "Test#"
sleep 1
send -- "term len 0\r"
expect -- "Test#"
sleep 1
send -- "sh runn\r"
expect -- "Test#"
set s [split $expect_out(buffer) \n]
foreach nline $s {
if {[string first "sh runn" $nline] == 1} continue
if {[string first "Generating" $nline] == 0} continue
if {[string first "Test#" $nline] == 0} continue
if {[string first "ace1/Test#" $nline] == 0} continue
regsub -all "\r" $nline "" nline2
puts $configout "$nline2"
}
close $configout
sleep 1
send -- "term len 22\n"
expect -- "Test#"
sleep 1
send -- "exit\r"
expect -- "foreign"
expect eof
HTH
Cathy
09-16-2008 03:42 AM
Hi Cathy,
Many thanks. Since I do not know much about programming I will try to get some help understanding and using the script.
I was asking myself if it is not somehow possible to access the directory where all context configurations are stored and just copy them to a FTP server.
Being able to save configuration checkpoints would also be great.
Regards,
Ramin
09-16-2008 04:30 AM
We are using DeviceExpert from ManageEngine to backup all our Equipment.
That is a really cool tool which lets you schedule backups, show difference to previous configs and at the same make sure all devices are configured based on your policies.
The only thing missing so far is dedicated ACE template. I already did a feature request for the template. Hopefully it will be released with the next build.
They have a demo version on the web and you can install a version to check the tool with two clients.
If you are lazy this tool will give you lots of joy. :)
http://manageengine.adventnet.com/products/device-expert/index.html
Roble
09-22-2008 01:54 PM
We have CiscoWorks LMS3.1, RME supports ACE, ASA, FWSM , etc for archieve managment.
10-30-2008 04:16 PM
I have LMS 3.1 as well but I can't seem to get RME to fetch the config from my ACE 4710. Any hints on how you did yours would be appreciated.
Thanks ;-)
09-23-2008 02:09 PM
Hi Roble,
Many thanks for your valuable input. I will get the demo version and check it out.
Regards,
Ramin
09-24-2008 01:02 AM
Well, after having a look at Cathy's script and after searching a bit around I decided to write my own script (attached here). On the way I found some alternatives, you might have a look at "rancid":
http://www.shrubbery.net/rancid/
or have a look into this forum thread:
http://www.sadikhov.com/forum/index.php?showtopic=125600
As we already have something in place to backup our routers and only have two ACE modules, I wanted a small solution, so I used "expect" and wrote a script that does the following:
- log into each of a list of ACE modules
- for each defined context on the module do:
1. log into the context
2. use the "show" commands to show the running configuration and save that to a file.
3. list all of the crypto files and save them into a directory.
I attached the script here (you must replace the hostnames of the ACE modules, the password and the path where the files are saved).
Thanks Cathy for your intial help, nice forum here. :-)
Olaf
10-31-2008 09:00 AM
FYI-
We user Solarwinds NCM and it works like a charm archiving ACE configs.
01-09-2012 05:23 AM
Can you share the configuration backup scripts used in Solarwinds NCM for ACE20 ?
01-19-2012 05:57 AM
We use NCM also...BUT no easy to way to backup each context in one go. I have to create a node for each context and modify a template to "changeto" for each context - built from the ASA standard template. Probably easier ways but I can share if required.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: