Cisco Support Community
New Member

Scheduled download of PIX config.

Hi all,

I'm looking for a solution for downloading the configuration from our PIX with PIXOS 7.x. I know that I can configure a tftp server to upload the config manually from the PIX, through ASDM or CLI.

My question is whether I can configure a scheduled download?

BR

jl

5 REPLIES
New Member

Re: Scheduled download of PIX config.

Yes, it can easily be done with an expect script like the one below:

#!/usr/bin/expect -f

# Control characters (defined for convenience; not used below)
set CINTR \003 ;# ^C
set CSUSP \032 ;# ^Z
set ESC \033
set CR \r
set CS6X "\036\x"
set CZ "\032"

#---------------------------USER INPUT------------------------------------
set timeout 30
set control_d 0x04
#------------------------------------------------------------------------

# The login and enable passwords sit in this file in clear text,
# so keep the file readable by its owner only.
# ssh takes the username on the command line and does not print a
# "Username:" prompt; its password prompt is lower case.
spawn ssh test@192.168.1.1
expect -nocase "password:" {send "ciscopix\r"}

# Enter privileged mode
expect "CiscoPix>" {send "enable\r"}
expect "Password:" {send "ciscopix\r"}
sleep 2

# Turn off paging, then start the copy
expect "CiscoPix#" {send "term pager 0\r"}
sleep 1
expect "CiscoPix#" {send "copy running tftp: \r"}
sleep 1

# Answer the three prompts: source file, TFTP server, destination file
expect "*?" {send "running-config\r"}
expect "*?" {send "tftp_server_IP_address\r"}
expect "*?" {send "running-config\r"}

expect "CiscoPix#" {send "\r\r"}
expect "CiscoPix#" {send "exit\r\r\r"}
close

Or, if you already have the tftp server in the config, you can use "write net". Easy, isn't it?

David

CCIE Security

New Member

Re: Scheduled download of PIX config.

Hi David,

Thanks for the help. It is useful for me.

I have another question. How can I do this while changing the name of the file every time, so that I know the date of the download?

Thanks a lot for the help.

BR

jl

New Member

Re: Scheduled download of PIX config.

Hi JL,

Yes, it is very simple. You set up a crontab on the unix box to run a shell script file that will run the expect script file. You will need one extra line like the one below after the expect script is run:

# Build the date stamp, then rename the file that the PIX wrote
DMY=$(date +%d%h%Y)
C_TIME=$(date +%H%M)
mv running-config "running.$C_TIME.$DMY"

Easy, isn't it?

David

CCIE Security
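The cron wrapper described in the reply above, as an added example that is not part of the original thread. The script paths, the backup directory, the 30-file retention and the sortable `YYYYMMDD-HHMM` stamp (instead of the thread's `running.HHMM.DDMonYYYY`) are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for an expect script like the one in the thread.
# Assumed names: /usr/local/bin/pix-backup.exp, /tftpboot, /var/backups/pix.

# archive_config SRC DEST_DIR [STAMP]
# Move a freshly transferred config to DEST_DIR/running.STAMP and print the
# new path. Fails, leaving SRC alone, when SRC is missing or empty.
archive_config() {
    src=$1
    dest_dir=$2
    stamp=${3:-$(date +%Y%m%d-%H%M)}   # one date call, sortable (assumed format)
    [ -s "$src" ] || { echo "no config received at $src" >&2; return 1; }
    mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 1
    dest="$dest_dir/running.$stamp"
    if [ -e "$dest" ]; then echo "$dest already exists" >&2; return 1; fi
    # The config is sensitive (password hashes at minimum): owner-only access.
    mv "$src" "$dest" && chmod 600 "$dest" || return 1
    echo "$dest"
}

# prune_backups DEST_DIR KEEP
# Delete all but the KEEP newest running.* files (names sort by date).
prune_backups() {
    ls -1 "$1"/running.* 2>/dev/null | sort -r | tail -n +"$(( $2 + 1 ))" |
    while IFS= read -r old; do rm -f -- "$old"; done
}

# backup_pix: transfer, archive, prune. An expect script without timeout
# handlers carries on after a missed prompt, so the non-empty-file check in
# archive_config is what actually detects a failed transfer.
backup_pix() {
    /usr/local/bin/pix-backup.exp >/dev/null 2>&1
    archive_config /tftpboot/running-config /var/backups/pix >/dev/null || return 1
    prune_backups /var/backups/pix 30
}

# crontab entry (assumed schedule):  15 2 * * * /usr/local/bin/pix-backup.sh --run
if [ "${1:-}" = "--run" ]; then backup_pix; fi
```

A non-zero exit from `backup_pix` makes cron mail the "no config received" message to the job's owner, which is the cue that a night's backup is missing.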

New Member

Re: Scheduled download of PIX config.

Hi David,

Thanks a lot for your example. It does nicely.

It's a pity that it cannot be done directly through SNMP because the PIX doesn't have RW access.

Thanks a lot for every conversation you had with me.

BR

jl

New Member

Re: Scheduled download of PIX config.

Hi JL,

I completely agree with you. The PIX should allow SNMP RW access. I work with both Checkpoint and Juniper firewalls, in addition to Cisco PIX, and both CP and Juniper allow RW SNMP to the firewalls. For security reasons, I always use SNMP version 3. Not allowing RW SNMP access to the PIX is just stupid, IMHO. Not everyone is as stupid as Cisco thinks.

I am glad I was able to help.

David
