Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to backup ASA 5505 2

Status
Not open for further replies.
DennisTheMenace

DennisTheMenace

IS-IT--Management
Jul 25, 2001
113
US
I have an ASA 5505 that is working great. I also have a brand new one sitting in the box.

The working ASA was config'd by a CISCO guru who knows his stuff... Unfortunately, he comes with a hefty price.

Does anyone know of the best way to copy/backup and restore to the spare so I can have a hot swap in case of any issues (and get it done BEFORE the issues arise) :eek:)?

THANKS in advance!
-Dennis

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Sort by date Sort by votes
Thank you for the reply! Any chance I could get a little more clarification on a couple of points?

Code: 
get into exec mode
I typically monitor the ASA from the Cisco ASDM Launcher. I there a way to switch to exec mode from there?

Code: 
sho run
Sounds easy enough... but then how do I "paste" this config into the backup ASA?

Will sho run also do usernames & passwords?

Thanks!
-Dennis


=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
All you need to do is go to tools and click on "command line interface" from there just type in show run and that will give you an output of your config. Then all that needs to be done
is open up a notepad and copy/paste it to the notepad now you have a hard copy of your config. To transfer it to the new ASA all you need to do is copy/paste from the notepad to the new ASA......hope that helps
 
Upvote 0 Downvote
Code: 
all you need to do is copy/paste from the notepad to the new ASA

Go into the new ASA at the command line interface as well, and simply paste at the prompt.... or is there a command I must run? Can I screw it up if it is done wrong?

Also, will this do the Usernames and Passwords as well?

THANKS!
-Dennis

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
That won't give you passwords. Only TFTP will give you passwords.

From ASDM you can go to File-->Send running config to TFTP server. Run a TFTP server on your local machine and put the IP address of your TFTP server in the box.
 
Upvote 0 Downvote
I set up a free SolarWinds TFTP server on my PC. Was able to save the running config to a file (after turning off windows firewall). Perfect! Thank you.

Now how do I get that running config INTO the backup device. I don't see anywhere a "IMPORT RUNNING CONFIG FROM TFTP"??

-Dennis

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
The best way will be go through the console port and just cut and paste from the file you TFTPed. Make sure you are in config terminal mode first. Or if you have an IP on it already telnet into it and paste onto the ASA. Then write memory and reboot.
 
Upvote 0 Downvote
Code: 
if you have an IP on it already telnet into it and paste onto the ASA

SORRY about my ignorance - but i have never used the command prompt before!

When I telnet and sign in I am at the "asa5505>" prompt. Then what? I have the file in the TFTP directory on my PC which can be opened in notepad... You don't just copy the entire content and paste it at the prompt do you?

-Dennis

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
type
en
then login with the enable password (same as when you go in via the ASDM)
Then so
sho run

The copy and paste method will get passwords but it will not show them. They are encrypted. The pix will accept the encrypted passwords when they are pasted back in as long as it has the "encrypted" keyword after it.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
At the ASA5505# prompt, the SHO RUN listed configuration lines with a <-- MORE --> at the bottom of each page.

Do I continue to hit return until I get the ASA5505# prompt again and then PASTE the copied info at that prompt? Or is there a command to run first before the paste? Also, the text file contains a first and last line:

Code: 
: Saved
: Written at 14:57:49.837 EST Wed Nov 7 2007 ! ASA Version x.x(x) !
LINES OF CONFIG
: end
Do I copy those lines as well (ie the ENTIRE contents of the saved running config?)

Again, sorry about my ignorance on the command line! I typically only monitor activity using ASDM. I am not familiar with setting up and programming cisco products. Quite impressed with this groups knowledge!!

THANKS! :eek:)
-Dennis

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
If you don't have the config then yes you do as above and get all the way to the end then you copy it. Then paste that into the new ASA.

To paste it in
en
config t
Then paste the config
wri mem
and away you go.

Be sure to create the self signed cert. (I believe you can do that through the ASDM - I don't use it much except for the pretty graphs.)


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
when you do a show run it won't get the passwords to your VPN groups. Those will be shown as '*'.

 
Upvote 0 Downvote
Thanks Kurthansen! I don't need to actually see them, only to paste them into the other ASA.

I will be doing this by opening the file from the TFTP saved running config in Notepad and copy/paste to the backup device as supergrrover said using CONFIG T in enable mode.

Sound right?

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
It will paste the passwords as '*' for the groups if you don't do the tftp way.
 
Upvote 0 Downvote
So I have to TFTP the config into the backup device? I didn't see that on any of the menus in the ASDM...

-Dennis

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
No once you TFTP the config you have all the passwords in plain text.
 
Upvote 0 Downvote
Ahhh, forgot the VPN info. They should change that. Doesn't really have a point to it.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
The vpn info won't copy???

=====================
Remember - YOU ARE UNIQUE!!!... Just like EVERYONE ELSE! ;o)
 
Upvote 0 Downvote
Just the passwords for site-to site and VPN groups. They are (as kurthansen pointed out) masked by stars in the text version. The TFTP will keep these plain text.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Miluis
  • Locked
  • Question
How necessary is an antivirus?
Replies
3
Views
318
Rick998
Rick998
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
AllenH12
  • Locked
  • Question
Bandwidth in Cisco ASA 5505
Replies
2
Views
461
AllenH12
AllenH12
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
850
intel233
intel233
gkreg
  • Locked
  • Question
asa 5500-x url filtering
Replies
0
Views
573
gkreg
gkreg

Part and Inventory Search

Sponsor

Back
Top