Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1721
Views
0
Helpful
21
Replies

Question about archived configs

Go to solution
dionjiles
Level 1
Level 1

‎03-04-2008 08:25 AM

We had a Pix Firewall device go down and we are trying to find out where do the configs get archived. Is there anyway to pull down the configs in clear text so we can pull down the encryption keys from the devices?

Labels:
0 Helpful
21 Replies 21

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dionjiles

‎03-04-2008 01:07 PM

Ah, I think I see. When you copy the config from the PIX, the credentials come through. Unfortunately, this would require an architectural change to RME to allow for this.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dionjiles

‎03-04-2008 01:03 PM

What command could be used to get the full config suitable for disaster recovery? As far as I know, show running will always provide a starred out isakmp key as well as things like vpdn passwords. Other passwords will be encrypted.

0 Helpful

Go to solution
dionjiles
Level 1
Level 1
In response to Joe Clarke

‎03-04-2008 01:13 PM

Okay here is the scenario. Let me know can this be done in CiscoWorks.

1) SSH to the PIX

2) wr net 192.168.10.10:Filename

This would tftp the startup configuration to the Ciscoworks server. Of course Ciscoworks would need to have a tftp server active for this to work.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dionjiles

‎03-04-2008 01:17 PM

This is not currently possible. The trick is RME would need to be taught to pre-create the file on the TFTP server, then process the file once the download is complete. The changes would be non-trivial.

I do see a clear value for this, though. It is something you should pursue with your account team as a feature request.

0 Helpful

Go to solution
dionjiles
Level 1
Level 1
In response to Joe Clarke

‎03-04-2008 01:25 PM

No problem. Can a Tac Case be opened to request this feature request to have this done? Can you clarify what do you mean by our account team?

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dionjiles

‎03-04-2008 01:50 PM

A feature request by TAC doesn't hold much weight. A feature request made by the sales organization which can back things up with dollar figures means a whole lot more. Typically, TAC encourages customers to talk to their account team, SE, account manager, etc. to open a PERS ticket requesting a new or enhanced feature.

0 Helpful

Go to solution
dionjiles
Level 1
Level 1
In response to Joe Clarke

‎03-04-2008 02:44 PM

Thanks for clarifying on what needs to be done on our end.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents