Does RANCID handle Cisco PIX devices?

Hopper, Faron W. faron.hopper at capgemini.com
Tue Dec 28 17:19:19 UTC 2004 

Hello all,  I am still exploring RANCID's capabilities.  Does it have
the ablility
to back up Cisco PIX configs?  I have added the one of our PIX's names
to
the router.db file and set the type to

    pixhq:cat5:up
    pixhq2:cat5:up

thinking that it would be closer to
the catOS command line.  This is not successful.  I am using TACACS+ on
the PIX, and here is an example of what I get if I manually ssh into it.

    $ ssh -l net\-cfg\-bak 10.1.1.1
    net-cfg-bak at 10.1.1.1's password:
    Type help or '?' for a list of available commands.
    PIXHQ>
    PIXHQ> en
    Password: ********
    PIXHQ#

in my dead.letter file this is the message I get for the 2 PIXes
configured

    From: Network Config Backup <net-cfg-bak>
    Message-Id: <200412282250.iBSMoOnX027862 at netdisco.capgemini.com>
    To: rancid-fi
    Subject: config fetcher problems - fi
    Precedence: bulk

    The following routers have not been successfully contacted for
    more than 4 hours.
    -rw-r-----  1 net-cfg-bak  wheel  0 Dec 13 16:23 pixhq
    -rw-r-----  1 net-cfg-bak  wheel  0 Dec 13 16:23 pixhq2

If I use the clogin program, I can get the level 1 login prompt, but it
is not executing my show version.
This makes me think that it is waiting on some type of prompt character
that is not defined (just guessing).

    $ /usr/local/libexec/rancid/clogin -c "show version" -f
/home/net-cfg-bak/.cloginrc 10.1.1.1
    10.1.1.1
    spawn telnet 10.1.1.1
    Trying 10.1.1.1...
    telnet: connect to address 10.1.1.1: Connection refused
    telnet: Unable to connect to remote host
    spawn ssh -c 3des -x -l net-cfg-bak 10.1.1.1
    net-cfg-bak at 10.1.1.1's password:
    Type help or '?' for a list of available commands.
    PIXHQ>
    PIXHQ>
    Error: TIMEOUT reached

my .cloginrc file is as follows

    add method              *
{telnet} {ssh}
    add autoenable          *                                       {1}
    add enauser             *
{net\-cfg\-bak}
    add user                *
{net-cfg-bak}
    add password            *
{pass}

    # set ssh encryption type, dflt: 3des
    add cyphertype *                {3des}



My goal is to back up my PIX configs, does anyone have any ideas?  Can
RANCID do it?

Thanks,
Faron Hopper
Capgemini
Network Engineering
3315 North Oak Trafficway
Kansas City, MO 64116
816.459.5139
 Capgemini
Logo<outbind://13-00000000212980A687AEC2418AC5574910D993F107000D9EF3454D
8EFC4B8BFFD2B86294168100000028BA9200000D9EF3454D8EFC4B8BFFD2B86294168100
00005BA5D30000/cid:image002.jpg at 01C4D90E.F40D7A30>

More information about the Rancid-discuss mailing list