Solved: Backup of Firewall configuration

alangley2 · ‎01-03-2007

Hi, I have PIX 515e that i'd like to copy the stratup-config of to another server on our network. Can i use the tftp server to do this? I've tried the COPY startup-config TFTP: etc command but i get an error that says the stratup-config is not found.?

What is the best way to copy the config to another server as a backup?

flopez · ‎01-10-2007

the command is

write net TFTP_IP_address:filename

Make sure your TFTP server is setup properly to allow or prompt before writing and that you know the folder where the files are being kept.

Good luck.

View solution in original post

kamal-learn · ‎01-03-2007

hi

in the old version of finesse the operating system of the pix :

first you have to tell the pix where the tftp-server is located weither inside or outside , and the name of the file-config to save here the command :

pix(config)#tftp-server (inside/or outside) ip-address-of-tftp /config/file-config

specify the complete path of the file or the config yoiu wanna save.

after that tell the pix to start saving the config

pix(config)#write NET:

in the new version 7 and above you can use copy.. and you have to specify the complete path of the configuration file to save .

HTH

DO rate if it does help

alangley2 · ‎01-04-2007

Ok.. Thanks for the quick reply.

I've set up the tftp-server

tftp-server inside xxxx.xxxx.xxxx.xxxx pixconfg

and have done the

write NET tftp-server:startup-config

But i get the following error?

fw001(config)# write NET xxxx.xxxx.xxxx.xxxx:startup-config

Building configuration...

TFTP write 'pixconfg/startup-config' at xxxx.xxxx.xxxx.xxxx on interface 1

Undefined error

[FAILED]

What is the correct syntax for the write command?

Another question, can you recommend a good book for someone starting out with firewalls something like a "beginners guide to firewall configuration"?

kamal-learn · ‎01-04-2007

hi

check if the fileconfig name is correct!!

check if the path of the fileconfig is complete!!

check reachability of your TFTP server!!!

here is a url that could confirm the command i ve provided

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml

for books check ciscopress web site:

http://www.ciscopress.com/articles/article.asp?p=31464&seqNum=1&rl=1

HTH

Do rate if it does help

vijayasankar · ‎01-04-2007

Hi Alan,

Try this.

Reconfigure your tftp-server command as follows( include the / the pathname of the file)

tftp-server inside xxxx.xxxx.xxxx.xxxx /pixconfg

then just issue the command "write net :" to save the pix configuration to the tftp server as the file naned pixconfig.

Here is the explanation from cisco doc.

"The path name you specify in the tftp-server is appended to the end of the IP address you specify in the configure net and write net commands. The more you specify of a file and path name with the tftp-server command, the less you need to specify with the configure net and write net commands. If you specify the full path and filename in the tftp-server command, the IP address in the configure net and write net commands can be represented with a colon ( : ). "

This is the URL for that document.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#wp1026054

Let us know the result.

Hope this helps.

-VJ

flopez · ‎01-10-2007

the command is

write net TFTP_IP_address:filename

Make sure your TFTP server is setup properly to allow or prompt before writing and that you know the folder where the files are being kept.

Good luck.

alangley2 · ‎01-10-2007

Thanks. I've finally got it to work.

I had to set up the tftp server and also add a access-list entry for the server i was sending the config to.

But at least now i can get a config listing that i can study.

thanks again