Solved

Copy Config from router to asa

Posted on 2014-12-27
Last Modified: 2015-01-02
We are remotely configuring new ASAs and need an easier way to get the old config onto the new ASA (from router). Or best-practice ideas/suggestions/help would be GREATLY appreciated.
Question by:Spt_Us
10 Comments
 
LVL 76

Accepted Solution

by:
arnold earned 250 total points
ID: 40519823
I believe Cisco offers a "converter", since not all IOS versions are the same, nor do all work in the same way.

One way is to use TFTP
copy tftp running
This way you can make sure the data on the TFTP server for the config the ASA will be loading is correct in terms of which interfaces/VLANs/IPs/etc.

There are also scripting tools that you could use to script the configuration using perl/tcl/tk, etc. i.e. it will connect to the ASA and will perform the actions you preconfigure.


When dealing with configuring remotely, an error will lock you out until the device is rebooted back to its former self, unless you have a dial-in console connection.
0
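
A pre-load check for the lockout risk raised in the answer above, as an added example that is not part of the original thread: before the staged file is pulled from the TFTP server, it confirms the candidate ASA config still accepts SSH management from the address you connect from. The sample config, the addresses and the function names `live_interfaces` and `preflight` are constructed for illustration, and only SSH management access is checked.

```python
import ipaddress
import re
# Constructed candidate ASA config (sample data, not taken from the thread).
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.10.1 255.255.255.0
 shutdown
!
username admin password <redacted> privilege 15
aaa authentication ssh console LOCAL
ssh 198.51.100.0 255.255.255.0 outside
ssh 192.168.10.0 255.255.255.0 inside
"""

def live_interfaces(cfg):
    """Return nameifs of interfaces that have an IP address and are not shut down."""
    live, cur = set(), None
    for line in cfg.splitlines() + ["!"]:
        if not line.startswith(" "):  # any top-level line closes the open block
            if cur and cur["nameif"] and cur["ip"] and not cur["shut"]:
                live.add(cur["nameif"])
            cur = {"nameif": None, "ip": False, "shut": False} if line.startswith("interface ") else None
        elif cur is not None:
            w = line.split()
            if w[:1] == ["nameif"] and len(w) > 1:
                cur["nameif"] = w[1]
            elif w[:2] == ["ip", "address"]:
                cur["ip"] = True
            elif w == ["shutdown"]:
                cur["shut"] = True
    return live

def preflight(cfg, admin_ip):
    """List reasons this config would cut off SSH management from admin_ip."""
    live, admin, problems = live_interfaces(cfg), ipaddress.ip_address(admin_ip), []
    # 'ssh <network> <mask> <nameif>' lines whose network contains the admin address
    allowed = [n for net, mask, n in re.findall(r"(?m)^ssh (\d\S+) (\d\S+) (\S+)[ \t]*$", cfg)
               if admin in ipaddress.ip_network(f"{net}/{mask}", strict=False)]
    if not any(n in live for n in allowed):
        problems.append(f"no live interface accepts ssh from {admin_ip}")
    if not re.search(r"(?m)^username \S+ ", cfg):
        problems.append("no local username defined")
    if not re.search(r"(?m)^aaa authentication ssh console ", cfg):
        problems.append("no 'aaa authentication ssh console' line")
    return problems
```

An empty list from `preflight(SAMPLE, "198.51.100.25")` means none of the checked conditions would lock that address out; any returned string is a reason to fix the file before loading it.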
 
LVL 24

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 250 total points
ID: 40519831
Please note that the ASA is a firewall and not a router.  You cannot transfer router configuration to a firewall.  If you happen to have a PIX firewall which you are replacing with ASA then it is possible.  Refer to link below for migrating from PIX 500 series to new ASA:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/91976-migrate-pix-to-asa.html
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40519896
ASAs have routing functionalities.

You can try copying the contents of the config, then paste it into the ASA from the privileged exec mode
ASA(config)#

This way, acceptable or compatible configuration will be applied to the ASA and incompatible functions will be discarded.

Better still, I'm assuming you're probably only interested in the routing statements. If so, just copy the routing section of the running-config and apply that to your ASA.
0
 

Author Comment

by:Spt_Us
ID: 40520476
Thanks for all the help; I took the current config "show running-config" from the live router and put it into a text file. I guess I am going to have to manually do the work; my concern is that I want to be able to do this remotely and get as much on as I can before sending it to site with the onsite IT guy.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40520570
If you have a TFTP server, you could copy running tftp
This way you see the content and how it is stored, and this is the same way you can load it in once you make changes.

Scripting changes/management is also frequently done; the sound of your issue is that the device was sent unconfigured and you want to configure it now remotely.
This type of situation is always ...... a slight error could render the device and whatever is connecting through it locked out.
0
 

Author Comment

by:Spt_Us
ID: 40520581
I appreciate all the suggestions; this ASA isn't going to work in this solution as there is not a T1 port connection.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40520617
I do not understand how the connection method has anything to do with preconfiguring it.
To automate, you would first export the current config to a TFTP server (local) LAN connection. You can export the config to a far distant server, to the locally available TFTP server.

I guess I do not understand the T1 port connection reference.
0
 

Author Comment

by:Spt_Us
ID: 40520623
I have to have a serial port connection for a T line.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40520625
I understand what a serial port is and a T1; I am not understanding the reason you are mentioning it. I.e., if you do not have these types of connection in the lab, you cannot test the device after the configuration.

If you would provide a detailed context of what you have, what you are working with and what it is you are looking to achieve, it might make the picture clearer and other avenues for solutions might arise.
0
 

Author Closing Comment

by:Spt_Us
ID: 40527841
Thanks for all the suggestions.
0
