Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
0
Helpful
5
Replies

Scheduled download of PIX config.

johnleeee
Level 1
Level 1

‎02-20-2007 01:53 AM - edited ‎03-11-2019 02:35 AM

Hi all,

Im looking for solution of downloading

configuration from our PIX with PIXOS 7.x. I know that I can configure tftp

server to upload manually config from PIX, throught ASDM or CLI.

My question is if I can configure scheduled download?

BR

jl

Labels:
0 Helpful
5 Replies 5

daviddtran
Level 1
Level 1

‎02-20-2007 03:51 AM

yes, it can be easily done with an expect script like the one below:

#! /usr/bin/expect -f

set CINTR \003 ;# ^C

set CSUSP \032 ;# ^Z

set ESC \033

set CR \r

set CS6X "\036\x"

set CZ "\032"

#---------------------------USER INPUT------------------------------------

set timeout 30

set control_d 0x04

#------------------------------------------------------------------------

set timeout 10

spawn ssh 192.168.1.1

expect Username: {

sleep 2

send "test\r"

}

expect Password: {send "ciscopix\r"}

expect CiscoPix> {send "enable\r"}

expect Password: {send "ciscopix\r"}

sleep 2

expect CiscoPix# {send "term pager 0\r" }

sleep 1

expect CiscoPix# {send "copy running tftp: \r" }

sleep 1

expect *? {send "running-config\r" }

expect *? {send "tftp_server_IP_address\r"; }

expect *? {send "running-config\r" }

expect CiscoPix# {send "\r\r" }

expect CiscoPix# {send "exit\r\r\r"}

close

or if you already have the tftp server in the config, you can use "write net". Easy isn't it?

David

CCIE Security

0 Helpful

johnleeee
Level 1
Level 1
In response to daviddtran

‎02-21-2007 03:31 AM

Hi David,

thanks for help. It is useful for me.

I have other question. How can I do this with

every time changing name of file to know

date of download.

Thanks a lot for help.

BR

jl

0 Helpful

daviddtran
Level 1
Level 1
In response to johnleeee

‎02-21-2007 04:12 AM

Hi JL,

Yes, it is very simple. You set up a crontab

on the unix to run a shell script file that will

the expect script file. You will one extra line

like this one below after the expect script is

run:

DMY=`date +%d%h%Y`

C_TIME=`date +%H%M`

mv running-config running.$C_TIME.$DMY

Easy isn't it?

David

CCIE Security

0 Helpful

johnleeee
Level 1
Level 1
In response to daviddtran

‎02-23-2007 06:19 AM

Hi David,

thanks a lot for your example..it does nice.

Its a pity that it cannot be done directly

throught snmp because PIX hasnt RW access.

Thanks a lot for every conversation you had

with me.

BR

jl

0 Helpful

daviddtran
Level 1
Level 1
In response to johnleeee

‎02-23-2007 06:29 AM

Hi JL,

I complete with you. Pix should allow snmp RW

access. I work with both Checkpoint and Juniper

Firewalls, in addition to Cisco Pix, and both

CP and Juniper allow RW snmp to the firewalls.

For security reasons, I always SNMP version 3.

Not allowing RW snmp access to the pix is just

stupid, IMHO. Not everyone is as stupid as

Cisco thinks.

I am glad I was able to help.

David

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card