
[Implemented] ASA multiple contexts backup

Posted: Mon Oct 16, 2017 5:58 pm
by PZL
Hi Guys,

We have ASAs that have 3 contexts. Can Unimus back up all context configurations?

Thanks,

Patrick

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 6:12 pm
by Tomas
Hi,

Unimus takes the output of "more system:running-config" from the ASAs.
I am not sure off the top of my head if that contains all contexts or not.

If the default behavior of ASA is not to output the config for all contexts, we will be happy to adjust the ASA driver to get it.
I think there is an "all context" alternative for the "more" command we could use.

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 7:04 pm
by PZL
Hi Thomas,

Yes, correct, the ASA does not output the config for all contexts when backing up using Unimus.

For example, on the CLI I need to issue the command change context context name to access the context CLI.

How long will it take for you to adjust the driver and to test?

Thanks,

Patrick

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 7:09 pm
by Tomas
Could you please check if "more system:running-config all context" works?
Or if there is a different way to show config for all contexts using the "more" command?

If the change is as simple as that, I can have a build with the fix ready pretty much right away.

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 7:31 pm
by PZL
Here you go.
asa5545-fw/admin> more ?
ERROR: % Unrecognized command

asa5545-fw/admin# more ?
ERROR: % Unrecognized command

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 7:42 pm
by Tomas
Could you please try to "changeto system" and then see if "more..." works?
Also do you see "context..." and "config-url..." statements in the output of "more..."?

Thanks!

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 8:17 pm
by PZL
asa5545-fw/admin# changeto context ctxt-general
asa5545-fw/ctxt-general# more ?
ERROR: % Unrecognized command
asa5545-fw/ctxt-general# more

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 8:35 pm
by Tomas
Ok, so it seems the "more" command is not supported at all by your ASA.

Does "show running-config all context" do anything useful?

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 8:44 pm
by PZL
asa5545-fw/admin# show running-config all con?
ERROR: % Unrecognized command

asa5545-fw/ctxt-general# show version
Cisco Adaptive Security Appliance Software Version 9.7(1) <context>
Firepower Extensible Operating System Version 2.1(1.66)
Device Manager Version 7.7(1)

Compiled on Mon 16-Jan-17 09:05 PST by builders

Re: ASA multiple contexts backup

Posted: Mon Oct 16, 2017 9:21 pm
by Tomas
EDIT: full multi-context support for ASA is now ready in Unimus.

Ok, so it seems the easy ways will not work :(

We will have to implement single-context vs. multi-context detection.
Then when in multi-context mode, get config from all contexts.

This will require some refactoring in the ASA backup driver.
Would it be possible to get SSH access to a multi-context ASA somewhere in a lab, against which we could do development?

A read-only account is completely sufficient; we would need access for a day maximum.
Please contact me over a PM if this would be possible.

Thanks!
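
The single-context vs. multi-context detection described in the last post, as an added example (not Unimus's ASA driver and not code from this thread). It assumes the system execution space config has already been retrieved and contains the "context ..." and "config-url ..." statements asked about earlier; the sample configs, function names and the use of "show running-config" as the collection command are assumptions made for illustration.

```python
import re

# Constructed system-execution-space config (not taken from a real device).
SAMPLE_SYSTEM_CONFIG = """\
hostname asa5545-fw
admin-context admin
context admin
  allocate-interface Management0/0
  config-url disk0:/admin.cfg
!
context ctxt-general
  allocate-interface GigabitEthernet0/1
  config-url disk0:/ctxt-general.cfg
!
"""
# Constructed single-context config: it has no "context" stanzas at all.
SAMPLE_SINGLE_CONFIG = "hostname asa-single\ninterface GigabitEthernet0/0\n nameif outside\n!\n"

CONTEXT_RE = re.compile(r"^context\s+(\S+)\s*$")
CONFIG_URL_RE = re.compile(r"^\s+config-url\s+(\S+)\s*$")


def parse_contexts(system_config):
    """Return {context name: config-url or None} from 'context' stanzas."""
    contexts, current = {}, None
    for line in system_config.splitlines():
        m = CONTEXT_RE.match(line)
        if m:
            current = m.group(1)
            contexts[current] = None
        elif line and not line[0].isspace():
            current = None  # any other top-level statement closes the stanza
        elif current and (u := CONFIG_URL_RE.match(line)):
            contexts[current] = u.group(1)
    return contexts


def backup_plan(system_config):
    """CLI commands needed to collect every config held by the device."""
    contexts = parse_contexts(system_config)
    if not contexts:
        # Single-context mode: one config covers the whole firewall.
        return ["show running-config"]
    # Multi-context mode: the system config plus one config per context.
    plan = ["changeto system", "show running-config"]
    for name in contexts:
        plan += [f"changeto context {name}", "show running-config"]
    return plan
```

A context that comes back with a config-url of None is worth flagging in the backup report, since its stanza did not parse as expected and the backup may be incomplete.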