[rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode

Ryan West rwest at zyedge.com
Tue Jul 24 19:46:39 UTC 2012


Have a look at usercmd, you can issue the changeto command then pull the system context.

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of brain conflict
Sent: Tuesday, July 24, 2012 3:27 PM
To: Richard Laxton
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode

Richard,
   My advice for the multi-context ASA question is to start with backing up each context, along with the Admin context individually.
Even Cisco doesn't really offer a "Back up entire device", which is likely why you have to "changeto" each context. Unless Cisco offers a unique command like "more system:running-config" for the whole device, you're pretty limited there. But to be honest, to restore the entire device config, the only way I know is to back up the FLASH to a CF card local to the unit (disk1:). There's not a single config file that you can deploy (that I know of) to "paste" or copy into flash that will correctly re-create all of the contexts AND configure each one as needed.

Hope this helps!

On Tue, Jul 24, 2012 at 11:59 AM, Richard Laxton <Richard.Laxton at applicable.com> wrote:
> Hi everyone,
>
> Forgive me if I'm breaching etiquette here, I've never posted to a
> mailing list before. I'm eager to get a resolution to the issue of
> how to grab the "system" context configuration when using ASA in multiple context mode.
>
> I've accommodated the individual contexts by simply adding them to 
> router.db as additional 'cisco' devices and ensuring that they are 
> reachable on an interface from RANCID. I'm (personally) happy with that solution.
>
> The issue I've got is then how to get into the system context reliably.
>
> I've copied rancid to asarancid and added it to rancid-fe as "asa" - 
> I've then added my firewall as firewall:asa:up in router.db.
>
> Inside asarancid I've trimmed the commandtable down a bit for now, to
> get started:
>
> @commandtable = (
>     {'changeto system' => 'DoNothing'},
>     {'show version' => 'ShowVersion'},
>     {'show boot' => 'ShowBoot'},
>     {'show flash' => 'ShowFlash'},
>     {'show running-config' => 'WriteTerm'},
> );
>
> In order to bypass the "prompt has changed" issue, I've simply
> commented out those lines, however it then rejects the 'changeto
> system' command as follows:
>
> firewall: found unexpected command - "changeto system"
>
> I'm unable to resolve how I define this as an expected command.
>
> Can you please assist me in my endeavours? I'll post the script at the 
> end for anyone who may find it useful, or alternatively if anyone has 
> resolved this could you kindly provide me a copy of your own scripts? 
> I've tried a web search and searching on the web interface but despite 
> some comments about people looking at this before I can't see any 
> (obvious) place where a user script has been published.
>
> Thanks,
>
> Rich.
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss