Tuesday, August 14, 2012

How to back up Cisco ASA configuration

Cisco ASA devices are a product family designed as a flexible solution that integrates firewall, voice/video security, SSL and IPSec VPN, and intrusion prevention services. Like other network devices, Cisco ASA requires accurate configuration management procedures, which include scheduled configuration backups.
Unlike Cisco routers running IOS software, Cisco ASA products have additional built-in security features. These features make configuration backups more complicated. For example, you should explicitly specify the address of the TFTP server that is used to copy configuration files.
To back up Cisco ASA configuration files using WinAgents HyperConf, perform the following steps:
  1. Configure your Cisco ASA device to accept SSH or TELNET connections from the computer where WinAgents HyperConf is running.

    In accordance with the security principles of Cisco ASA devices, you should explicitly specify the networks that can connect to your device via the SSH or TELNET protocols. Enter the following command in configuration mode to enable SSH access to your device:

    ssh hostname interface

    where hostname is the name or IP address of the computer running WinAgents HyperConf and interface is the interface accepting incoming connections. If you use TELNET, execute ‘telnet hostname interface’ instead of the command above.


  2. Enable configuration copying from your Cisco ASA device to the TFTP server embedded in WinAgents HyperConf.

    WinAgents HyperConf uses a TFTP server to transfer configuration files between your device and the computer. To enable configuration copying to an external TFTP server, execute the following command in configuration mode:

    tftp-server interface hostname

    where hostname is the address of your computer and interface is the nearest device interface.


  3. Register the Cisco ASA device in the HyperConf device catalogue.

    To register a device in HyperConf, use the ‘Device->Register New Device…’ menu item or the corresponding toolbar button in the device catalogue. Select the appropriate protocols to download and upload device configurations.

    After you register the device in HyperConf, you can edit device configurations as text files and back them up manually.


  4. Enable automatic configuration backups for your Cisco ASA device.

    You should configure a backup schedule if you want to back up device configurations on a regular basis. Use the ‘Device->Configure Backups…’ menu command to configure the backup schedule.


  5. Check exclusion patterns for Cisco ASA devices.

    After HyperConf downloads a device configuration, it compares it with the most recent configuration backup stored in the program database. However, the device configuration can contain some unimportant strings, and these strings can be left out when HyperConf compares device configurations. For example, you can discard comments or configuration commands that the device itself can change.

    By default, WinAgents HyperConf discards strings starting with an exclamation sign (!) or a colon (:). It also discards the ‘ntp clock-period’ command.

    You can configure excluded strings in the WinAgents HyperConf program options dialog box.
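
The comparison described in the exclusion-pattern step above, as an added Python example (it is not HyperConf's code): it applies the three default exclusions before diffing two backups, so timestamp comments and clock drift are ignored while a new management-access line is reported. The function names and both sample configurations are constructed for illustration.

```python
import difflib

# Default exclusions named in the post: lines starting with "!" or ":",
# plus the "ntp clock-period" command.
EXCLUDED_PREFIXES = ("!", ":", "ntp clock-period")

def significant_lines(config_text):
    """Drop blank lines and excluded lines before comparing."""
    lines = (raw.rstrip() for raw in config_text.splitlines())
    return [l for l in lines if l and not l.startswith(EXCLUDED_PREFIXES)]

def config_diff(previous, current):
    """Return '+ line' / '- line' entries for changes that survive the exclusions."""
    delta = difflib.ndiff(significant_lines(previous), significant_lines(current))
    return [d for d in delta if d.startswith(("+ ", "- "))]

# Constructed sample backups (not taken from a real device).
PREVIOUS = """\
: Saved
: Written by admin at 09:00:01 UTC Mon Aug 13 2012
!
hostname asa-lab
ntp clock-period 17179869
ssh 192.0.2.10 255.255.255.255 inside
: end
"""

CURRENT = """\
: Saved
: Written by admin at 09:00:02 UTC Tue Aug 14 2012
!
hostname asa-lab
ntp clock-period 17179902
ssh 192.0.2.10 255.255.255.255 inside
telnet 192.0.2.0 255.255.255.0 inside
: end
"""

if __name__ == "__main__":
    for change in config_diff(PREVIOUS, CURRENT):
        print(change)
```

An empty result means the two backups differ only in excluded lines, so no new revision needs review.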
