First time posting a new question. I have many customers that have ASA in HA with Dual ssm-10 or 20s. I want to know if anyone out there has a script already created that will,
1. Connect to the IPS running on the ACTIVE ASA and pull the config.
2. Run a 'Search AND Replace' for the specific IP address of the Sensor (e.g. 10.1.1.50/24 10.1.1.1) and replace it with the standby IPS' IP Address.
3. Run a 'Search AND Replace' for the 'host-name' and replace that with the standby's hostname.
4. Then TFTP the NEW config to the secondary IPS.
This would insure that all the changes, exceptions etc are the same on both boxes. You could then run a cron that would do this regularly. I found this code snippet online and modified it. I am in the process of teaching myself Perl since I have seen the benefits of it, but for now I fummble along. I was able to get the first part to work. It matches the IP exactly as it appears there (would be nicer to be able to look for ANY string after the host-ip).
****** SNIPPET *******
use strict; use warnings; use File::Find;
my $startdir = 'c:\ips-test'; my $find = 'host-ip 10\.1\.1\.50'; my $replace = 'host-ip 10.1.1.51'; my $doctype = 'txt';
print qq~Finding "$find" and replacing it with "$replace"\n~;
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...