Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

backing up config cisco asa

Is there a way to automatically backup the ASA configurations without having to use the tftp-server command? A customer doesn't want that command because it is not secure, but I am not sure of any other way. We currently have a script on a linux machine to ssh to firewalls and run a "write net" command. Does anyone have any good instructions on how to maybe use scp or sftp to backup the running configuration? Thanks!

2 REPLIES
New Member

This link has almost what I

This link has almost what I need but it doesn't seem to work on the code version I have on the ASA:

http://informationsecuritytips.com/2009/01/use-scp-with-cisco-routers-and-firewalls-to-transfer-files/

copy flash:<file-name> scp://admin@<ip>/

First of all the running-config isn't in flash so that won't work unless I copy the running config to flash first. Then "scp" isn't an option:

asa-5515/sec/act# copy flash:running-config ?

  cache:          Copy to cache: file system
  disk0:          Copy to disk0: file system
  disk1:          Copy to disk1: file system
  flash:          Copy to flash: file system
  ftp:            Copy to ftp: file system
  running-config  Update (merge with) current system configuration
  smb:            Copy to smb: file system
  startup-config  Copy to startup configuration
  system:         Copy to system: file system
  tftp:           Copy to tftp: file system

I also need to be able to get the "more-system:running-config". Is this even possible with an ASA? Any feedback would be much appreciated.

Your customer's concern is

Your customer's concern is that TFTP isn't secure right ?

In that case you can modify your script and use the following commands :

1> Pager 0

2> more system:run

and save the output in the log file by just using BASH. This can all be done inside the SSH session so it would be secure.

hth

Manish

245
Views
0
Helpful
2
Replies
CreatePlease login to create content