
ACE: any configuration backup solution?

olgellert
Level 1

Hello,

for the ACE module I did not find an easy way to create a backup for the whole configuration (running configuration and crypto material of all the contexts). Any ideas? I only found a perl backup script for Cisco ASA which I could modify:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1063700

Regards, Olaf

12 Replies

ciscocsoc
Level 4

Hi Olaf,

I use an Expect script to back up Admin and each context. I have attached a sample script for comparison with the reference you give.

You should be able to enter commands to export the certificates/keys but only if you have enabled the exportable option.

Hope this helps

Cathy

Hi Cathy,

I tried to download the attachment but it did not work. Can you please upload it again?

Many Thanks,

Ramin

Hi Ramin,

Apologies for the delay - I was on leave. The download works for me - but here it is again - inline this time.

set date [exec C:\\Mywork\\UnxUtils\\date.exe "+%y%m%d"]
set configout [open C:\\ACE\\Configs\\ACE1-Test-$date.txt a]
set ip "192.168.10.91"

spawn telnet $ip
expect "login:"
sleep 1
send -- "adminTest\r"
expect "Password:"
sleep 1
send -- "whatever\r"
expect -- "Test#"
sleep 1
send -- "term len 0\r"
expect -- "Test#"
sleep 1
send -- "sh runn\r"
expect -- "Test#"

set s [split $expect_out(buffer) \n]
foreach nline $s {
    if {[string first "sh runn" $nline] == 1} continue
    if {[string first "Generating" $nline] == 0} continue
    if {[string first "Test#" $nline] == 0} continue
    if {[string first "ace1/Test#" $nline] == 0} continue
    regsub -all "\r" $nline "" nline2
    puts $configout "$nline2"
}
close $configout

sleep 1
send -- "term len 22\n"
expect -- "Test#"
sleep 1
send -- "exit\r"
expect -- "foreign"
expect eof

HTH

Cathy

Hi Cathy,

Many thanks. Since I do not know much about programming I will try to get some help understanding and using the script.

I was asking myself if it is not somehow possible to access the directory where all context configurations are stored and just copy them to an FTP server.

Being able to save configuration checkpoints would also be great.

Regards,

Ramin

We are using DeviceExpert from ManageEngine to back up all our equipment.

That is a really cool tool which lets you schedule backups, show differences from previous configs and at the same time make sure all devices are configured based on your policies.

The only thing missing so far is a dedicated ACE template. I already did a feature request for the template. Hopefully it will be released with the next build.

They have a demo version on the web and you can install a version to check the tool with two clients.

If you are lazy this tool will give you lots of joy. :)

http://manageengine.adventnet.com/products/device-expert/index.html

Roble

We have CiscoWorks LMS3.1; RME supports ACE, ASA, FWSM, etc. for archive management.

I have LMS 3.1 as well but I can't seem to get RME to fetch the config from my ACE 4710. Any hints on how you did yours would be appreciated.

Thanks ;-)

Hi Roble,

Many thanks for your valuable input. I will get the demo version and check it out.

Regards,

Ramin

Well, after having a look at Cathy's script and after searching a bit around I decided to write my own script (attached here). On the way I found some alternatives, you might have a look at "rancid":

http://www.shrubbery.net/rancid/

or have a look into this forum thread:

http://www.sadikhov.com/forum/index.php?showtopic=125600

As we already have something in place to backup our routers and only have two ACE modules, I wanted a small solution, so I used "expect" and wrote a script that does the following:

- log into each of a list of ACE modules

- for each defined context on the module do:

1. log into the context

2. use the "show" commands to show the running configuration and save that to a file.

3. list all of the crypto files and save them into a directory.

I attached the script here (you must replace the hostnames of the ACE modules, the password and the path where the files are saved).

Thanks Cathy for your initial help, nice forum here. :-)

Olaf
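The filtering loop from Cathy's script, extended to the per-context procedure Olaf describes, as an added example (not code from either poster's script). It splits a captured session into one running configuration per context using the `host/context#` prompt shape seen in the thread, and writes each file owner-only because these backups sit next to exported keys. The transcript, function names and file naming are constructed for illustration.

```python
import os
import re

# Prompt shape as seen in the thread ("ace1/Test#"): host/context# [command]
PROMPT = re.compile(r"^[\w.-]+/(?P<ctx>[\w.-]+)#\s?(?P<cmd>.*)$")
SHOW_RUN = re.compile(r"^sh(ow)?\s+run", re.I)

# Constructed transcript for illustration, not captured from a real device.
SAMPLE = "\r\n".join([
    "ace1/Admin# term len 0",
    "ace1/Admin# sh runn",
    "Generating configuration....",
    "",
    "context Test",
    "  allocate-interface vlan 10",
    "ace1/Admin# changeto Test",
    "ace1/Test# sh runn",
    "Generating configuration....",
    "",
    "interface vlan 10",
    "  ip address 192.168.10.91 255.255.255.0",
    "ace1/Test# exit",
])

def split_contexts(transcript):
    """Return {context: config_text} for every 'sh runn' in the session."""
    configs, current = {}, None
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            # Any prompt ends a capture; only a show-run command starts one.
            current = m.group("ctx") if SHOW_RUN.match(m.group("cmd")) else None
            if current is not None:
                configs[current] = []
        elif current is not None and not line.startswith("Generating"):
            configs[current].append(line)
    return {c: "\n".join(l).strip("\n") + "\n" for c, l in configs.items()}

def write_backups(configs, directory, stamp):
    """Write one file per context with mode 0600 inside a 0700 directory."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    paths = []
    for ctx, text in configs.items():
        path = os.path.join(directory, f"{ctx}-{stamp}.txt")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        paths.append(path)
    return paths
```
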

FYI-

We use Solarwinds NCM and it works like a charm archiving ACE configs.

Can you share the configuration backup scripts used in Solarwinds NCM for ACE20?

We use NCM also...BUT no easy way to back up each context in one go. I have to create a node for each context and modify a template to "changeto" for each context - built from the ASA standard template. Probably easier ways but I can share if required.
