Backup
|
1. Connect to the firewall via Telnet, Console Cable or SSH, then go to enable mode, type in the enable password. |
ciscoasa> en Password:********* ciscoasa#
|
2. To back up the firewall you need to specify the IP address of where you want to send it(i.e. the TFTP server), what you want to call the backup, and you tie them together with a "Write Net" command. The syntax is,
write net {ip address}:{filename}
|
ciscoasa# write net 172.254.1.2:firewall_backup Building configuration... INFO: Default tftp-server not set, using highest security interface Cryptochecksum: 85c211cb 3099b392 9e7206e6 e1548bcd ! [OK] ciscoasa#
|
3. On your TFTP server you will see that a file has been received. |
|
4. If you look in the TFTP server root directory you will find the file, though it has no file extension you can open it and view it using a text editor like notepad or wordpad, just remember NOT to save it with a txt or rtf extension when you close it again. Keep it safe you will need it if you ever want to restore. |
Restore
|
1. To restore you must have already backed up the firewall earlier and have that backup in the TFTP servers root directory. |
2. Connect to the firewall via Telnet, Console Cable or SSH, then go to enable mode, type in the enable password. |
ciscoasa> en Password:********* ciscoasa# |
3. Enter configuration mode using the "conf t" command. |
ciscoasa# conf t ciscoasa(config)# |
4. Unlike when you backed up the firewall to restore the configuration you use the copy tftp start command. |
ciscoasa(config)# copy tftp start |
5. Supply it with the IP address of your TFTP Server. |
Address or name of remote host []? 172.254.1.2 |
6. Supply it with the name of the file you backed up earlier. |
Source filename []? firewall_backup |
7. The file will get copied over. |
Accessing tftp://172.254.1.2/firewall_backup...! Writing system file... ! 2974 bytes copied in 0.90 secs ciscoasa(config)# |
8. On your TFTP server you will see the file being "copied out" |
|
9. Not finished yet, the file now lives in the "Startup" configuration so its not been loaded from memory yet, the best way to do this is to reboot the firewall. To do this issue the reload command, and confirm by pressing enter. |
ciscoasa(config)# reload Proceed with reload? [confirm] ciscoasa(config)#
*** *** --- START GRACEFUL SHUTDOWN --- Shutting down isakmp Shutting down webvpn Shutting down File system
*** *** --- SHUTDOWN NOW ---
|
10. After the reboot, you will be running on the restored configuration. |
|
Note: With a Version 6 Firewall - restoring a config from TFTP simply "Merges" the new one with the config on the firewall, in most cases this is NOT what you want, to get round this place the following command at the top of the config you are restoring
clear config all
|
Backup a Cisco 5500 firewall from the ASDM
2. Browse Local.
3. Find somewhere to put the backup that you will be able to locate.
4. In this instance Ill "Backup All" > Backup.
5. Let it do its own thing > Close.
6. Take a quick look at the report > OK.
Restore a Cisco 5500 firewall from the ASDM
8. Browse Local.
9. Locate your backup and select it.
10. Next.
11. In this instance I'm just going to restore the Start-up-configuration (Note: that means I will need to reboot the firewall when restored, before the restored config takes effect) > Restore.
12. You will be asked if you want to merge or replace the config. (Note: merge is handy if there's been a couple of config changes) > I'm going to replace it.
13. Let it restore the files, then restart ASDM.
|
No comments:
Post a Comment