Pokemon Go was just recently released in Southeast Asia (it almost got banned in some countries) and the game craze is phenomenal. Kids and adults (including me) hang out at popular Poke Stops and Poke Gyms. There's even Pokemon Lure parties being organized everywhere. I hope to catch 'em all soon!
My daughter Sophia and I try to catch Pokemons together in parks and even inside our home since there's always a Pokemon lure near our place.
I was initially doing manual backup on all our ASA security context, which was quite tedious even though we only have several ASA firewalls across the Asia Pacific (APAC) region. But when our monitoring was migrated to Solarwinds, we were able to leverage and use the Network Configuration Manager (NCM) for backing up ASA contexts.
You should configure SNMP and AAA on each ASA context in order for NCM to pull up its configuration. Other core configuration for this setup are creating the Layer 2 VLAN on the switch, Layer 3 IP address for the VLAN gateway (I used a /27 IP subnet to have 30 hosts or ASA contexts), routing to Solarwinds server and a Layer 3 subinterface on the individual ASA context.
Switch
vlan 999
name Solarwinds
Router
interface GigabitEthernet0/0.999
description Solarwinds Monitoring Interface
encapsulation dot1Q 999
ip address 172.27.255.129 255.255.255.224
ASA
changeto system
<SYSTEM>
interface GigabitEthernet0/1.999
description Solarwinds Monitoring Interface
vlan 999
context CUSTOMER-A
allocate-interface GigabitEthernet0/1.999
changeto context CUSTOMER-A
<CUSTOMER-A>
username admin password Passw0rd! privilege 15
interface GigabitEthernet0/1.999
nameif Solarwinds
security-level 100
ip address 172.27.255.130 255.255.255.224
route Solarwinds 10.111.0.0 255.255.255.0 172.27.255.129
ssh 10.111.0.0 255.255.255.0 Solarwinds
snmp-server group MyGroup v3 priv
snmp-server user Admin MyGroup v3 auth md5 Passw0rd! priv aes 128 Passw0rd!
snmp-server host Solarwinds 10.111.0.71 version 3 Admin
crypto key generate rsa modulus 2048
aaa-server ACS protocol tacacs+
aaa-server ACS (Solarwinds) host 10.111.0.99
key Passw0rd!
aaa authentication http console ACS LOCAL
aaa authentication ssh console ACS LOCAL
aaa authentication telnet console ACS LOCAL
aaa authentication enable console ACS LOCAL
aaa authorization command ACS LOCAL
I was able to poll the individual ASA context via SNMP and download both the running and startup config.
My daughter Sophia and I try to catch Pokemons together in parks and even inside our home since there's always a Pokemon lure near our place.
I was initially doing manual backup on all our ASA security context, which was quite tedious even though we only have several ASA firewalls across the Asia Pacific (APAC) region. But when our monitoring was migrated to Solarwinds, we were able to leverage and use the Network Configuration Manager (NCM) for backing up ASA contexts.
You should configure SNMP and AAA on each ASA context in order for NCM to pull up its configuration. Other core configuration for this setup are creating the Layer 2 VLAN on the switch, Layer 3 IP address for the VLAN gateway (I used a /27 IP subnet to have 30 hosts or ASA contexts), routing to Solarwinds server and a Layer 3 subinterface on the individual ASA context.
Switch
vlan 999
name Solarwinds
Router
interface GigabitEthernet0/0.999
description Solarwinds Monitoring Interface
encapsulation dot1Q 999
ip address 172.27.255.129 255.255.255.224
ASA
changeto system
<SYSTEM>
interface GigabitEthernet0/1.999
description Solarwinds Monitoring Interface
vlan 999
context CUSTOMER-A
allocate-interface GigabitEthernet0/1.999
changeto context CUSTOMER-A
<CUSTOMER-A>
username admin password Passw0rd! privilege 15
interface GigabitEthernet0/1.999
nameif Solarwinds
security-level 100
ip address 172.27.255.130 255.255.255.224
route Solarwinds 10.111.0.0 255.255.255.0 172.27.255.129
ssh 10.111.0.0 255.255.255.0 Solarwinds
snmp-server group MyGroup v3 priv
snmp-server user Admin MyGroup v3 auth md5 Passw0rd! priv aes 128 Passw0rd!
snmp-server host Solarwinds 10.111.0.71 version 3 Admin
crypto key generate rsa modulus 2048
aaa-server ACS protocol tacacs+
aaa-server ACS (Solarwinds) host 10.111.0.99
key Passw0rd!
aaa authentication http console ACS LOCAL
aaa authentication ssh console ACS LOCAL
aaa authentication telnet console ACS LOCAL
aaa authentication enable console ACS LOCAL
aaa authorization command ACS LOCAL
I was able to poll the individual ASA context via SNMP and download both the running and startup config.
No comments:
Post a Comment