08-09-2010 03:18 PM
Hi there,
We have multiple failover clusters that we would like to sync the DAPs/Group Policies/ACLs between. I understand that there are 2 components that are combined for, say, a DAP -- the config lines, and the dap.xml.
What I would like to do is establish a standard procedure for replicating the policies across each cluster so that our VPN users have the same portal experience wherever they terminate -- obviously some things that are unique to each cluster, like IPs, routing, and crypto maps, must stay the same, so it's not as easy as just doing an ASDM/CLI full backup and restore.
I have successfully done this a couple of times but mostly through trial and error, by using ASDM to export some information and then importing it manually, but I'd like to script this out, so doing this via command line would be key. Any suggestions? Thanks for any help!
-Chris
09-01-2010 04:36 PM
I guess I will post what we are doing so far:
Use a common prefix for all of your DAP-related ACLs -- so for us we use DAP_
access-list DAP_URL_ORACLE_SHTERM webtype permit url html://:8080 log default
Grab all of your CLI that relates to "dynamic-access-policy-record" + your DAP ACLs.
Then, use the ASDM to backup the DAP and bookmarks only.
We then import the CLI config (ACL + the dynamic-access-policy-record) and restore the ASDM backup, in that order. We chose not to sync Group Policies, Tunnel / Connection profiles and the rest because they differ from gateway to gateway -- but at least this helps to provide a somewhat similar experience for the end users. You may want to think about syncing customizations and such as well.
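A sketch of the CLI half of the procedure in the post above, added here as an example and not part of the original thread: it pulls the DAP_-prefixed ACLs and the dynamic-access-policy-record blocks out of a saved running-config and refuses to build the import if a record references an ACL that would be left behind. The sample config, its names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of a saved running-config (names and addresses are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.10 255.255.255.0
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.20 eq https
access-list DAP_URL_INTRANET webtype permit url http://intranet.example.test:8080 log default
access-list DAP_NET_FINANCE extended permit ip any 10.20.0.0 255.255.0.0
crypto map OUTSIDE_MAP 10 match address VPN_SITE_B
dynamic-access-policy-record Finance_Users
 network-acl DAP_NET_FINANCE
 priority 10
dynamic-access-policy-record Contractors
 webvpn
  appl-acl DAP_URL_INTRANET
group-policy GP_LOCAL internal
"""
ACL_REF = re.compile(r"^\s+(?:network-acl|appl-acl)\s+(\S+)")

def extract_dap_config(config_text, acl_prefix="DAP_"):
    """Return (acl_lines, record_lines) taken from a saved running-config."""
    acl_lines, record_lines, in_record = [], [], False
    for line in config_text.splitlines():
        if line.startswith("dynamic-access-policy-record "):
            in_record = True
            record_lines.append(line)
        elif in_record and line.startswith(" "):
            record_lines.append(line)  # indented sub-command of the record
        else:
            in_record = False  # any other top-level or foreign block line
            if line.startswith("access-list " + acl_prefix):
                acl_lines.append(line)
    return acl_lines, record_lines

def missing_acl_refs(acl_lines, record_lines):
    """ACL names used by DAP records but absent from the exported ACLs."""
    exported = {line.split()[1] for line in acl_lines}
    refs = {m.group(1) for m in map(ACL_REF.match, record_lines) if m}
    return sorted(refs - exported)

def build_import(config_text, acl_prefix="DAP_"):
    """ACLs first, then records, so every reference resolves when pasted."""
    acls, records = extract_dap_config(config_text, acl_prefix)
    missing = missing_acl_refs(acls, records)
    if missing:
        raise ValueError("DAP records reference unexported ACLs: " + ", ".join(missing))
    return "\n".join(acls + records) + "\n"
```

The output covers only the CLI lines; the ASDM backup of the DAP and bookmarks is still restored afterwards, in the order the post gives.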
11-15-2011 01:20 AM
Hi cculligan,
I would like to do the same thing you described.
I understand the procedure is:
1) backup DAP with ASDM
2) copy dynamic-access-policy-record lines
3) paste dynamic-access-policy-record lines on the new ASA
4) restore zip file with dap.xml and Version.properties with ASDM on the new ASA
Do you confirm?
I don't need to reload anything, do I?