I was asked to backup an ASA 5510 firewall at work. This is in preparation for a possible upgrade to a 5525-X platform. A quick way to do this is via TFTP and using the write net command. We first make sure the TFTP server is reachable.
ciscoasa# ping 10.1.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ciscoasa# write ?
erase Clear flash memory configuration
memory Save active configuration to the flash
net Save the active configuration to the tftp server
standby Save the active configuration on the active unit to the flash on
the standby unit
terminal Display the current active configuration
<cr>
ciscoasa# write net ?
WORD IP address of tftp server and file name <tftp_ip>:<file>. Place IPv6
address within square brackets.
<cr>
ciscoasa# write net 10.1.1.10:fw-config
Building configuration...
INFO: Default tftp-server not set, using highest security interface
Cryptochecksum: d18a5c1b a5542172 28c35cc0 5caa7ab3
!
[OK]
Once successfully transferred,
it is preferred to open the backup file using a Word Pad. Alternatively, you can also use the more system command to view the ASA config. You can start copy and pasting the command lines to the new ASA device.
ciscoasa# more system:running-config
Cryptochecksum: d18a5c1b a5542172 28c35cc0 5caa7ab3
: Saved
: Written by enable_15 at 07:26:14.259 UTC Wed Mar 19 2014
!
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
<OUTPUT TRUNCATED>
To restore the ASA config, you issue the copy tftp startup-config command and perform a reload on the box.
ciscoasa# copy tftp startup-config
Address or name of remote host [10.1.1.10]?
Source filename [asdm-649.bin]? fw-config
Accessing tftp://10.1.1.10/fw-config...!
Writing system file...
!
2229 bytes copied in 0.20 secs
ciscoasa# reload
Proceed with reload? [confirm]
The same can be done using the ASDM (also restore startup-config). The ASA device uses a .zip compressed file.
Finally, reload the ASA device.
No comments:
Post a Comment