Solved

Copy Config from router to asa

Posted on 2014-12-27
10
213 Views
Last Modified: 2015-01-02
We are remotely configuring new ASAs and need an easier way to get the old config onto the new ASA (from router). Or Best Practice ideas/suggestions/help would be GREAT Appreciated.
0
Comment
Question by:Spt_Us
10 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 250 total points
ID: 40519823
I beleive cisco offers a "converter" since not all IOS versions are the same nor do all work in the same way.

One way is to use TFTP
copy tftp running
this way you can make sure the data on the TFTP server for the config the ASA will be loading is correct in terms of which interfaces/vlans/ips/etc.

There are also scripting tools that you could use to script the configuration using perl/tcl/tk, etc. i.e. it will connect to the ASA and will perform the actions you preconfigure.


When dealing with configuring remotely an error will lock you out until the device is rebooted back to its former self unless you have a dial-in console connection.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 250 total points
ID: 40519831
Please note that the ASA is a firewall and not a router.  You cannot transfer router configuration to a firewall.  If you happen to have a PIX firewall which you are replacing with ASA then it is possible.  Refer to link below for migrating from PIX 500 series to new ASA:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/91976-migrate-pix-to-asa.html
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40519896
ASAs have routing functionalities.

You can try copying the contents of the config then paste it in the ASA from the priviledge exec mode
ASA9config)#

This way, acceptable or compatible configuration will be applied to the ASA and incompatible functions will be discarded.

Better still, I'm assuming you're probably only interested in the routing statements. If so, just copy the routing section of the running-config and apply that to your ASA
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Spt_Us
ID: 40520476
Thanks for all the help; I took the current config "show running-config" from the live router and put into text file.  I guess I am going to have to manually do the work; my concern 'is' I want to be able to do this remotely and get as much on as I can before sending to site w/ onsite IT guy
0
 
LVL 77

Expert Comment

by:arnold
ID: 40520570
if you have a tftp server, you could copy running tftp
this way you see the content on how it is stored, and this is the same way once you make changes you can load it in.

Scripting changes/management is also frequently done, the sound of your issue is that the device was sent unconfigured and you want to configure it now remotely.
This type of situation is always ...... a slight error could render the device and whatever is connecting through it locked out.
0
 

Author Comment

by:Spt_Us
ID: 40520581
I apprciate all the suggestions; this ASA isn't going to work in this solution as there is not a T1 port connection.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40520617
I do not understand how the connection method has anything to do with preconfiguring it.
To automate you would first, export the current config to a TFTP server (local) lan connection. You can export the config to a far distant server, to the locally available TFTP server.

I guess I do not understand the T1 port connection reference.
0
 

Author Comment

by:Spt_Us
ID: 40520623
I have to have a serial port connection for a T ljne
0
 
LVL 77

Expert Comment

by:arnold
ID: 40520625
I understand what a serial Port is and a T1, I am not understanding the reason you are mentioning it.  i.e. if you do not these types of connection in the lab, you can not test the device after the configuration.

if you would provide a detailed context to what you have what you are working with and what it is you are looking to achieve, it might make the picture clearer and other avenues for solutions arise.
0
 

Author Closing Comment

by:Spt_Us
ID: 40527841
Thanks for all the suggestions.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question