
rwest at zyedge
Jul 24, 2012, 12:46 PM
Re: Revisiting Cisco ASA 5500 / FWSM in multiple context mode
Have a look at usercmd, you can issue the changeto command then pull the system context.

-----Original Message-----
From: rancid-discuss-bounces [at] shrubbery [mailto:rancid-discuss-bounces [at] shrubbery] On Behalf Of brain conflict
Sent: Tuesday, July 24, 2012 3:27 PM
To: Richard Laxton
Cc: rancid-discuss [at] shrubbery
Subject: Re: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode

Richard,

My advice for the multi-context ASA question is to start with backing up each context, along with the Admin context individually. Even Cisco doesn't really offer a "Back up entire device", which is likely why you have to "changeto" each context. Unless Cisco offers a unique command like "more system:running-config" for the whole device, you're pretty limited there.

But to be honest, to restore the entire device config, the only way I know is to back up the FLASH to a CF card local to the unit (disk1:). There's not a single config file that you can deploy (that I know of) to "paste" or copy into flash that will correctly re-create all of the contexts AND configure each one as needed.

Hope this helps!

On Tue, Jul 24, 2012 at 11:59 AM, Richard Laxton <Richard.Laxton [at] applicable> wrote:
> Hi everyone,
>
> Forgive me if I'm breaching etiquette here, I've never posted to a
> mailing list before. I'm eager to get a resolution to the issue of
> how to grab the "system" context configuration when using ASA in
> multiple context mode.
>
> I've accommodated the individual contexts by simply adding them to
> router.db as additional 'cisco' devices and ensuring that they are
> reachable on an interface from RANCID. I'm (personally) happy with
> that solution.
>
> The issue I've got is then how to get into the system context reliably.
>
> I've copied rancid to asarancid and added it to rancid-fe as "asa" -
> I've then added my firewall as firewall:asa:up in router.db.
>
> Inside asarancid I've trimmed the commandtable down a bit for now, to
> get started:
>
> @commandtable = (
>     {'changeto system' => 'DoNothing'},
>     {'show version' => 'ShowVersion'},
>     {'show boot' => 'ShowBoot'},
>     {'show flash' => 'ShowFlash'},
>     {'show running-config' => 'WriteTerm'},
> );
>
> In order to bypass the "prompt has changed" issue, I've simply
> commented out those lines, however it then rejects the 'changeto
> system' command as follows:
>
> firewall: found unexpected command - "changeto system"
>
> I'm unable to resolve how I define this as an expected command.
>
> Can you please assist me in my endeavours? I'll post the script at the
> end for anyone who may find it useful, or alternatively if anyone has
> resolved this could you kindly provide me a copy of your own scripts?
> I've tried a web search and searching on the web interface but despite
> some comments about people looking at this before I can't see any
> (obvious) place where a user script has been published.
>
> Thanks,
>
> Rich.
>
> ________________________________
> This electronic message contains information from Applicable, which
> may be privileged or confidential. The information is intended for use
> only by the individual(s) or entity named above. If you are not the
> intended recipient, be aware that any disclosure, copying, distribution
> or use of the contents of this information is strictly prohibited. If
> you have received this electronic message in error, please notify the
> sender. Activity and use of the Applicable Ltd e-mail system is
> monitored to secure its effective operation and for other lawful
> business purposes. Communications using this system will also be
> monitored and may be recorded to secure effective operation and for
> other lawful business purposes. Applicable Ltd. Registered
> office: 5-6 Northumberland Buildings, Queen Square, Bath, Somerset, BA1 2JE.
> Registered in England no: 03426111
> ________________________________
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss [at] shrubbery
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss