[rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode

brain conflict brconflict at gmail.com
Tue Jul 24 19:27:14 UTC 2012


Richard,
   My advice for the multi-context ASA question is to start with
backing up each context, along with the Admin context individually.
Even Cisco doesn't really offer a "Back up entire device", which is
likely why you have to "changeto" each context. Unless Cisco offers a
unique command like "more system:running-config" for the whole device,
you're pretty limited there. But to be honest, to restore the entire
device config, the only way I know is to back up the FLASH to a CF
card local to the unit (disk1:). There's not a single config file that
you can deploy (that I know of) to "paste" or copy into flash that
will correctly re-create all of the contexts AND configure each one as
needed.

Hope this helps!

On Tue, Jul 24, 2012 at 11:59 AM, Richard Laxton
<Richard.Laxton at applicable.com> wrote:
> Hi everyone,
>
> Forgive me if I'm breaching etiquette here, I've never posted to a mailing
> list before. I'm eager to get a resolution to the issue of how to grab the
> "system" context configuration when using ASA in multiple context mode.
>
> I've accommodated the individual contexts by simply adding them to router.db
> as additional 'cisco' devices and ensuring that they are reachable on an
> interface from RANCID. I'm (personally) happy with that solution.
>
> The issue I've got is then how to get into the system context reliably.
>
> I've copied rancid to asarancid and added it to rancid-fe as "asa" - I've
> then added my firewall as firewall:asa:up in router.db.
>
> Inside asarancid I've trimmed the commandtable down a bit for now, to get
> started:
>
> @commandtable = (
> {'changeto system' => 'DoNothing'},
> {'show version' => 'ShowVersion'},
> {'show boot' => 'ShowBoot'},
> {'show flash' => 'ShowFlash'},
> {'show running-config' => 'WriteTerm'},
> );
>
> In order to bypass the "prompt has changed" issue, I've simply commented out
> those lines, however it then rejects the 'changeto system' command as
> follows:
>
> firewall: found unexpected command - "changeto system"
>
> I'm unable to resolve how I define this as an expected command.
>
> Can you please assist me in my endeavours? I'll post the script at the end
> for anyone who may find it useful, or alternatively if anyone has resolved
> this could you kindly provide me a copy of your own scripts? I've tried a
> web search and searching on the web interface but despite some comments
> about people looking at this before I can't see any (obvious) place where a
> user script has been published.
>
> Thanks,
>
> Rich.