New Member

ACE: any configuration backup solution?

Hello,

for the ACE module I did not find an easy way to create a backup for the whole configuration (running configuration and crypto material of all the contexts). Any ideas? I only found a Perl backup script for Cisco ASA which I could modify:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1063700

Regards, Olaf

12 REPLIES
Silver

Re: ACE: any configuration backup solution?

Hi Olaf,

I use an Expect script to back up Admin and each context. I have attached a sample script for comparison with the reference you give.

You should be able to enter commands to export the certificates/keys but only if you have enabled the exportable option.

Hope this helps

Cathy

New Member

Re: ACE: any configuration backup solution?

Hi Cathy,

I tried to download the attachment but it did not work. Can you please upload it again?

Many Thanks,

Ramin

Silver

Re: ACE: any configuration backup solution?

Hi Ramin,

Apologies for the delay - I was on leave. The download works for me - but here it is again - inline this time.

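    # Date stamp for the output file name (date.exe from UnxUtils on Windows)
    set date [exec C:\\Mywork\\UnxUtils\\date.exe "+%y%m%d"]
    set configout [open C:\\ACE\\Configs\\ACE1-Test-$date.txt a]
    set ip "192.168.10.91"

    # Log in over telnet; the username and password are hard-coded
    # in the script and sent in clear text
    spawn telnet $ip
    expect "login:"
    sleep 1
    send -- "adminTest\r"
    expect "Password:"
    sleep 1
    send -- "whatever\r"
    expect -- "Test#"
    sleep 1

    # Disable paging so the whole configuration arrives in one piece
    send -- "term len 0\r"
    expect -- "Test#"
    sleep 1
    send -- "sh runn\r"
    expect -- "Test#"

    # Write the captured output line by line, skipping the echoed command,
    # the "Generating" banner and the prompt lines, and stripping carriage returns
    set s [split $expect_out(buffer) \n]
    foreach nline $s {
        if {[string first "sh runn" $nline] == 1} continue
        if {[string first "Generating" $nline] == 0} continue
        if {[string first "Test#" $nline] == 0} continue
        if {[string first "ace1/Test#" $nline] == 0} continue
        regsub -all "\r" $nline "" nline2
        puts $configout "$nline2"
    }
    close $configout
    sleep 1

    # Restore paging and log out
    send -- "term len 22\n"
    expect -- "Test#"
    sleep 1
    send -- "exit\r"
    expect -- "foreign"
    expect eof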

HTH

Cathy

New Member

Re: ACE: any configuration backup solution?

Hi Cathy,

Many thanks. Since I do not know much about programming I will try to get some help understanding and using the script.

I was asking myself if it is not somehow possible to access the directory where all context configurations are stored and just copy them to an FTP server.

Being able to save configuration checkpoints would also be great.

Regards,

Ramin

Bronze

Re: ACE: any configuration backup solution?

We are using DeviceExpert from ManageEngine to back up all our equipment.

That is a really cool tool which lets you schedule backups, show differences to previous configs and at the same time make sure all devices are configured based on your policies.

The only thing missing so far is a dedicated ACE template. I already did a feature request for the template. Hopefully it will be released with the next build.

They have a demo version on the web and you can install a version to check the tool with two clients.

If you are lazy this tool will give you lots of joy. :)

http://manageengine.adventnet.com/products/device-expert/index.html

Roble

New Member

Re: ACE: any configuration backup solution?

We have CiscoWorks LMS 3.1; RME supports ACE, ASA, FWSM, etc. for archive management.

New Member

Re: ACE: any configuration backup solution?

I have LMS 3.1 as well but I can't seem to get RME to fetch the config from my ACE 4710. Any hints on how you did yours would be appreciated.

Thanks ;-)

New Member

Re: ACE: any configuration backup solution?

Hi Roble,

Many thanks for your valuable input. I will get the demo version and check it out.

Regards,

Ramin

New Member

Re: ACE: any configuration backup solution?

Well, after having a look at Cathy's script and after searching a bit around I decided to write my own script (attached here). On the way I found some alternatives, you might have a look at "rancid":

http://www.shrubbery.net/rancid/

or have a look into this forum thread:

http://www.sadikhov.com/forum/index.php?showtopic=125600

As we already have something in place to back up our routers and only have two ACE modules, I wanted a small solution, so I used "expect" and wrote a script that does the following:

- log into each of a list of ACE modules

- for each defined context on the module do:

1. log into the context

2. use the "show" commands to show the running configuration and save that to a file.

3. list all of the crypto files and save them into a directory.

I attached the script here (you must replace the hostnames of the ACE modules, the password and the path where the files are saved).

Thanks Cathy for your initial help, nice forum here. :-)

Olaf
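The per-context saving step described above, as an added example that is not Olaf's attached script or any other code from this thread: a Python post-processor that splits one captured multi-context session into per-context configurations and writes each file readable by its owner only, since these backups sit next to exported keys. The sample transcript, the function names and the file naming are constructed assumptions.

```python
import hashlib
import os
import re

# Constructed capture of one session. The "ace1/<context>#" prompt shape and the
# "Generating" banner follow the thread; the configuration lines are invented.
SAMPLE_TRANSCRIPT = (
    "ace1/Admin# changeto Test\r\n"
    "ace1/Test# show running-config\r\n"
    "Generating configuration....\r\n"
    "\r\n"
    "access-list ALL line 8 extended permit ip any any\r\n"
    "ace1/Test# changeto Admin\r\n"
    "ace1/Admin# sh runn\r\n"
    "Generating configuration....\r\n"
    "hostname ace1\r\n"
    "ace1/Admin# exit\r\n"
)

def split_contexts(transcript, host):
    """Return {context: config text} from a multi-context session capture."""
    prompt = re.compile(r"^%s/(?P<ctx>[\w.-]+)#\s*(?P<cmd>.*)$" % re.escape(host))
    configs, current = {}, None
    for raw in transcript.split("\n"):
        line = raw.replace("\r", "")
        m = prompt.match(line)
        if m:
            # Every prompt line ends the running capture; only a
            # "show running-config" (or an abbreviation such as "sh runn") starts one.
            is_show_run = re.match(r"sh\w*\s+run", m.group("cmd"))
            current = m.group("ctx") if is_show_run else None
            if current:
                configs[current] = []
        elif current and not line.startswith("Generating"):
            configs[current].append(line)
    return {c: "\n".join(ls).strip("\n") + "\n" for c, ls in configs.items()}

def write_backup(directory, host, context, text):
    """Write one context's config owner-readable only; return (path, sha256)."""
    path = os.path.join(directory, "%s-%s.cfg" % (host, context))
    # Mode 0o600 applies at creation; chmod also covers a pre-existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)
    return path, hashlib.sha256(text.encode()).hexdigest()
```

Comparing the returned digest with the one from the previous run shows whether a context's configuration changed between backups.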

Re: ACE: any configuration backup solution?

FYI-

We use SolarWinds NCM and it works like a charm archiving ACE configs.

New Member

ACE: any configuration backup solution?

Can you share the configuration backup scripts used in SolarWinds NCM for ACE20?

New Member

ACE: any configuration backup solution?

We use NCM also... BUT no easy way to back up each context in one go. I have to create a node for each context and modify a template to "changeto" for each context - built from the ASA standard template. Probably easier ways but I can share if required.
