Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSM 4.1 - ASA Configuration Backup Files via TFTP

      I'm fairly new to CSM so this may be a newbee question.  In the "old days" we would write mem to save the running config to startup, then write net to save the running config to a defined file on an TFTP server.  But now that we use CSM, there is no write net function that happens during the process of  deploying a change to the config.  The actual config is saved in CSM somewhere since we are actually making changes to it before deploying a change, right?  But it's not in a format where I could replace a failed ASA by "copy tftp startup-config?" 

     I read where you can "Preview Configuration" and then Copy/Paste the "ASA(Full)" configuration, but there is a major flaw in that plan.  The displayed output hides all of the passwords. I.E. enable, passwd, tacacs+ or radius keys, local username password.  Beside's, Copy/Paste has never been the best option to initially configure, or to replace a failed unit.  All you are doing is hoping the running config isn't interfering with what you are pasting. (The Factory Config for DHCP comes to mind).

     Is there a function where I can export the entire configuration to a file that is the complete startup configuration?  Or, is there a function I could enable to have the ASA's periodically "Write Net?"

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

CSM 4.1 - ASA Configuration Backup Files via TFTP

You could configure a FlexConfig for one or more ASAs in order to execute the copy command before and/or after a config push.  I just tested this on my CSM 4.2 server and it worked.  You will want to use the /noconfirm option so that the end device doesn't present interactive prompts to CSM.

3 REPLIES

CSM 4.1 - ASA Configuration Backup Files via TFTP

You could configure a FlexConfig for one or more ASAs in order to execute the copy command before and/or after a config push.  I just tested this on my CSM 4.2 server and it worked.  You will want to use the /noconfirm option so that the end device doesn't present interactive prompts to CSM.

New Member

CSM 4.1 - ASA Configuration Backup Files via TFTP

Todd,

     Thanks for the post.  I did try a "write net" like this previously, but I thought it was a once and done thing.  I just tested this again and it sure does run this evertime a change is deployed.   Excellent!  BTW, the "write net" Flex Config  works best for me since I already have my TFTP Server information confgured on each firewall.

     So, does this mean that all Flex Configs are applied again and again each time a change is deployed?

CSM 4.1 - ASA Configuration Backup Files via TFTP

In the current versions, the Flex Config is prepended/appended during each deployment.  In the upcoming 4.3 release, you will have the option to deploy each time or only when a FlexConfig is new or modified.

2343
Views
0
Helpful
3
Replies