[Implemented] ASA multiple contexts backup

Post your feature requests here
PZL
Posts: 10
Joined: Mon Oct 16, 2017 5:51 pm

Mon Oct 16, 2017 5:58 pm

Hi Guys,

We have ASA's that have 3 contexts, Can Unimus backup all configurations contexts?

Thanks,

Patrick
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Mon Oct 16, 2017 6:12 pm

Hi,

Unimus takes the output of "more system:running-config" from the ASAs.
I am not sure off the top of my head if that contains all contexts or not.

If the default behavior of ASA is not to output the config for all contexts, we will be happy to adjust the ASA driver to get it.
I think there is an "all context" alternative for the "more" command we could use.
PZL
Posts: 10
Joined: Mon Oct 16, 2017 5:51 pm

Mon Oct 16, 2017 7:04 pm

Hi Thomas,

Yes correct the ASA does not output the config for all contexts when backing up using Umimus.

For example on the CLI I need to issue the command change context context name to access the context cli.

How long will it take for you to adjust the driver and to test?

Thanks,

Patrick
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Mon Oct 16, 2017 7:09 pm

Could you please check if "more system:running-config all context" works?
Or if there is a different way to show config for all contexts using the "more" command?

If the change is as simple as that, I can have a build with the fix ready pretty much right away.
PZL
Posts: 10
Joined: Mon Oct 16, 2017 5:51 pm

Mon Oct 16, 2017 7:31 pm

Here you go.
asa5545-fw/admin> more ?
ERROR: % Unrecognized command

asa5545-fw/admin# more ?
ERROR: % Unrecognized command
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Mon Oct 16, 2017 7:42 pm

Could you please try to "changeto system" and then see if "more..." works?
Also do you see "context..." and "config-url..." statements in the output of "more..."?

Thanks!
PZL
Posts: 10
Joined: Mon Oct 16, 2017 5:51 pm

Mon Oct 16, 2017 8:17 pm

asa5545-fw/admin# changeto context ctxt-general
asa5545-fw/ctxt-general# more ?
ERROR: % Unrecognized command
asa5545-fw/ctxt-general# more
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Mon Oct 16, 2017 8:35 pm

Ok, so it seems the "more" command is not supported at all by your ASA.

Does "show running-config all context" do anything useful?
PZL
Posts: 10
Joined: Mon Oct 16, 2017 5:51 pm

Mon Oct 16, 2017 8:44 pm

asa5545-fw/admin# show running-config all con?
ERROR: % Unrecognized command

asa5545-fw/ctxt-general# show version
Cisco Adaptive Security Appliance Software Version 9.7(1) <context>
Firepower Extensible Operating System Version 2.1(1.66)
Device Manager Version 7.7(1)

Compiled on Mon 16-Jan-17 09:05 PST by builders
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Mon Oct 16, 2017 9:21 pm

EDIT: full multi-context support for ASA is now ready in Unimus.

Ok, so it seems the easy ways will not work :(

We will have to implement single-context vs. multi-context detection.
Then when in multi-context mode, get config from all contexts.

This will require some refactoring in the ASA backup driver.
Would it be possible to get SSH access to a multi-context ASA somewhere in a lab, against which we could do development on?

A read-only account is completely sufficient, we would need access for a day maximum.
Please contact me over a PM if this would be possible.

Thanks!
Post Reply