Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Anyone has a standard backup policy for PIX?

Hi,

Would like to check if anyone has a standard backup procedures..meaning besides "sh run,sh ver" what other commands are recommended when doing a backup of the pix configuration..

Thanks in advanced,

Cindy

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Anyone has a standard backup policy for PIX?

i wrote some perl scripts i run from a unix box that executes the 'write net' command on all my PIX'es using a cron job. i'm sure most other people use some sort of commercial back up though.

To use the 'write net' command you first have to configure your tftp server using the tftp-server command.

eg:

firewall(config)# tftp-server inside ?

configure mode commands/options:

Hostname or A.B.C.D The IP address or name of the TFTP server

Hostname or X:X:X:X::X The IPv6 address or name of the TFTP server

firewall(config)# tftp-server inside 192.168.1.1 ?

configure mode commands/options:

WORD < 127 char The path and filename of the configuration file

5 REPLIES
Gold

Re: Anyone has a standard backup policy for PIX?

i wrote some perl scripts i run from a unix box that executes the 'write net' command on all my PIX'es using a cron job. i'm sure most other people use some sort of commercial back up though.

To use the 'write net' command you first have to configure your tftp server using the tftp-server command.

eg:

firewall(config)# tftp-server inside ?

configure mode commands/options:

Hostname or A.B.C.D The IP address or name of the TFTP server

Hostname or X:X:X:X::X The IPv6 address or name of the TFTP server

firewall(config)# tftp-server inside 192.168.1.1 ?

configure mode commands/options:

WORD < 127 char The path and filename of the configuration file

Re: Anyone has a standard backup policy for PIX?

Hi,

Don't use 'sh run' when trying to do a backup. The preshare keys for VPNs are not displayed on the PIX. 'wr net' with a tftp server is a better option.

In our company we have several 501's and don't backup each one, just write down the parameters in a database.

Raphael

New Member

Re: Anyone has a standard backup policy for PIX?

write net command or using Ciscoworks if you have one implemented within your organisation to do your config backup periodically is the best solution to this. It is BAD PRACTICES not to backup your system config and writting down parameters. You should adopt BEST PRACTICES in all you do.

New Member

Re: Anyone has a standard backup policy for PIX?

I backup the config of all our Pixes by uploading the files via TFTP. I save the configs regularly. We also backup each config before and after a new change.

Gold

Re: Anyone has a standard backup policy for PIX?

Here is my script. It first reads all my PIX IP's from a file then uses those as input to run through the script for each one. If you don't know Perl (or any other language) this might not make sense. I use a second script to tar up all of my IOS and PIX configs where they are then transferred to yet another server for long term tape backup.

#!/usr/bin/perl -w

#Written by SRUE

#this script backs up all cisco pix devices via tftp

use Net::Telnet::Cisco;

$passwd = 'password';

$enable_passwd = 'password';

open (HOSTS, "/usr/local/apache2/htdocs/db/pixhosts.db");

@hosts = ;

chomp (@hosts);

foreach $pix (@hosts)

{

my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);

$session->prompt('/[\$%#>] $/');

$session->login('username', $passwd);

$session->enable($enable_passwd);

$session->cmd("write mem\nwrite net\n");

}

close (HOSTS);

------------------

there's more to it than all this. I also wrote a web page where I can add/delete new IOS or PIX devices. i use perl/cgi to add those entries to their respective files where Perl reads them and backs them all up.

(btw, I really don't know much Perl, just the bare minimum imo.)

174
Views
0
Helpful
5
Replies