08-27-2014 12:29 PM
Is there a way to automatically back up the ASA configurations without having to use the tftp-server command? A customer doesn't want that command because it is not secure, but I am not sure of any other way. We currently have a script on a Linux machine to ssh to firewalls and run a "write net" command. Does anyone have any good instructions on how to maybe use scp or sftp to back up the running configuration? Thanks!
08-27-2014 07:05 PM
This link has almost what I need but it doesn't seem to work on the code version I have on the ASA:
http://informationsecuritytips.com/2009/01/use-scp-with-cisco-routers-and-firewalls-to-transfer-files/
copy flash:<file-name> scp://admin@<ip>/
First of all, the running-config isn't in flash, so that won't work unless I copy the running config to flash first. Then "scp" isn't an option:
asa-5515/sec/act# copy flash:running-config ?
cache: Copy to cache: file system
disk0: Copy to disk0: file system
disk1: Copy to disk1: file system
flash: Copy to flash: file system
ftp: Copy to ftp: file system
running-config Update (merge with) current system configuration
smb: Copy to smb: file system
startup-config Copy to startup configuration
system: Copy to system: file system
tftp: Copy to tftp: file system
I also need to be able to get the "more-system:running-config". Is this even possible with an ASA? Any feedback would be much appreciated.
08-27-2014 10:04 PM
Your customer's concern is that TFTP isn't secure, right?
In that case you can modify your script and use the following commands:
1> Pager 0
2> more system:run
and save the output in the log file by just using BASH. This can all be done inside the SSH session so it would be secure.
hth
Manish
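The approach suggested in the reply above, sketched as an added example that is not code from the thread: the config is captured inside the SSH session, rejected if the capture is truncated, and stored with owner-only permissions. Assumptions: key-based SSH login, a hypothetical account named `backup` that lands in privileged EXEC, an ASA that accepts commands on the session's stdin, and `terminal pager 0` used as the per-session form of the pager command.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumptions: key-based SSH login to the ASA,
# the account (hypothetical name "backup") lands in privileged EXEC, and the ASA
# accepts commands on the session's stdin.
ASA_SSH=${ASA_SSH:-ssh}        # overridable so the logic can be exercised offline
ASA_USER=${ASA_USER:-backup}

# Commands typed into the SSH session.
asa_commands() {
    printf '%s\n' 'terminal pager 0' 'more system:running-config' 'exit'
}

# save_config <capture> <dest>: store the config only if the capture is complete.
save_config() {
    local capture=$1 dest=$2 tmp
    # An ASA config listing ends with ": end"; without it the session was cut short.
    grep -q '^: end' "$capture" || return 1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Drop CRs, prompts and echoed commands: keep from the first ":" comment line
    # (": Saved" is assumed to open the listing) through ": end".
    tr -d '\r' < "$capture" | sed -n '/^:/,/^: end/p' > "$tmp"
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dest"           # atomic: no partial file ever appears under $dest
}

# backup_asa <host> <dir>: one timestamped, owner-only file per run.
backup_asa() {
    local host=$1 dir=$2 capture rc=0
    umask 077                   # system:running-config shows keys unmasked
    mkdir -p "$dir" || return 1
    capture=$(mktemp) || return 1
    # BatchMode: fail instead of prompting; the host key must already be trusted.
    # ssh's exit status is ignored; completeness is judged by ": end" instead.
    asa_commands | "$ASA_SSH" -T -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$ASA_USER@$host" > "$capture" 2>/dev/null || true
    save_config "$capture" "$dir/$host-$(date +%Y%m%d-%H%M%S).cfg" || rc=1
    rm -f "$capture"
    return "$rc"
}

if [ "$#" -eq 2 ]; then backup_asa "$1" "$2"; fi
```

Run it as `./asa-backup.sh <asa-host> <backup-dir>` from cron; a non-zero exit means no file was written for that run.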