×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Backup of Firewall configuration

Answered Question
Jan 3rd, 2007
User Badges:

Hi, I have PIX 515e that i'd like to copy the stratup-config of to another server on our network. Can i use the tftp server to do this? I've tried the COPY startup-config TFTP: etc command but i get an error that says the stratup-config is not found.?


What is the best way to copy the config to another server as a backup?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
kamal-learn Wed, 01/03/2007 - 22:05
User Badges:
  • Bronze, 100 points or more

hi

in the old version of finesse the operating system of the pix :

first you have to tell the pix where the tftp-server is located weither inside or outside , and the name of the file-config to save here the command :

pix(config)#tftp-server (inside/or outside) ip-address-of-tftp /config/file-config


specify the complete path of the file or the config yoiu wanna save.


after that tell the pix to start saving the config



pix(config)#write NET:


in the new version 7 and above you can use copy.. and you have to specify the complete path of the configuration file to save .


HTH

DO rate if it does help


alangley2 Thu, 01/04/2007 - 17:10
User Badges:

Ok.. Thanks for the quick reply.


I've set up the tftp-server

tftp-server inside xxxx.xxxx.xxxx.xxxx pixconfg


and have done the

write NET tftp-server:startup-config


But i get the following error?


fw001(config)# write NET xxxx.xxxx.xxxx.xxxx:startup-config

Building configuration...

TFTP write 'pixconfg/startup-config' at xxxx.xxxx.xxxx.xxxx on interface 1

Undefined error

[FAILED]


What is the correct syntax for the write command?


Another question, can you recommend a good book for someone starting out with firewalls something like a "beginners guide to firewall configuration"?


kamal-learn Thu, 01/04/2007 - 18:22
User Badges:
  • Bronze, 100 points or more

hi

check if the fileconfig name is correct!!

check if the path of the fileconfig is complete!!

check reachability of your TFTP server!!!


here is a url that could confirm the command i ve provided

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml



for books check ciscopress web site:


http://www.ciscopress.com/articles/article.asp?p=31464&seqNum=1&rl=1


HTH

Do rate if it does help

vijayasankar Thu, 01/04/2007 - 21:50
User Badges:
  • Silver, 250 points or more

Hi Alan,


Try this.

Reconfigure your tftp-server command as follows( include the / the pathname of the file)


tftp-server inside xxxx.xxxx.xxxx.xxxx /pixconfg


then just issue the command "write net :" to save the pix configuration to the tftp server as the file naned pixconfig.



Here is the explanation from cisco doc.

"The path name you specify in the tftp-server is appended to the end of the IP address you specify in the configure net and write net commands. The more you specify of a file and path name with the tftp-server command, the less you need to specify with the configure net and write net commands. If you specify the full path and filename in the tftp-server command, the IP address in the configure net and write net commands can be represented with a colon ( : ). "



This is the URL for that document.


http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#wp1026054



Let us know the result.


Hope this helps.


-VJ



alangley2 Wed, 01/10/2007 - 17:24
User Badges:

Thanks. I've finally got it to work.


I had to set up the tftp server and also add a access-list entry for the server i was sending the config to.


But at least now i can get a config listing that i can study.


thanks again

Actions

This Discussion