[rancid] Re: RANCID with Cisco ASA's

Matt Nichols mnichols at wayport.net
Thu Apr 27 17:58:04 UTC 2006


Hi Jeff,

What does your config look like to collect from your ASAs? Are you
using a type of cisco or cat5? I have tried the type of cisco and cat5.
When looking at the logs for the ASAs, rancid is reporting "End of run
not found". I am successfully collecting from a barrage of other Cisco
equipment without error using the "cisco" type and default configs
(7206 routers, 3750 layer2/3 stacks, 2950/2970 switches, 3560 POE
switches, etc.).

The only thing that is different about the way I'm trying to collect
from our ASAs is that the rancid tacacs user isn't auto-enabled when it
logs into the ASAs, so rancid must enter an enable password. This is
actually working fine; I have autoenable set to 0 for the ASAs in
.cloginrc. If I run a clogin against any of the ASAs with "write term"
or "show version", it completes without error: I see it log in via ssh,
enable, run the command, and exit.

I tried substituting the command "write term" with "show conf" in the
rancid script, but that didn't change anything. I suspect the rancid
script needs the "write term" command, since that's the only command that
shows a ": end" at the end of the config on a PIX/ASA, and there seems
to be something hard coded in the rancid script to look for that.

Any tips would be greatly appreciated. 

-Matt

-----Original Message-----
From: Jeff Wolfe [mailto:wolfe at ems.psu.edu] 
Sent: Thursday, April 27, 2006 12:46 PM
To: Matt Nichols
Subject: Re: [rancid] RANCID with Cisco ASA's

Matt Nichols wrote:
> Hello,
>
> Has anyone had any luck using RANCID to collect configs from Cisco ASA
> firewalls? If so, what does your RANCID config look like?

We subbed an ASA in for a PIX 525 and I didn't change anything at all on
my rancid config. The PIX config worked just fine for us.

-Jeff


