Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1634
Views
0
Helpful
6
Replies

ASA Run Config Using SCP Does Not Transfer Entire Config

TW80CJ5
Level 3
Level 3

‎08-23-2021 12:55 PM

Hello Everyone,

 

We are using EEM to create automated backups. The EEM script works great, however, it is not transferring the entire configuration. We are getting approx 60-70KB of a 107 KB Run Config.

 

Here is my EEM Config

 

event manager applet BACKUP_BEFORE_CONFIG_CHANGE
description Backup of Config Before Changes Made
event syslog id 605005 occurs 1
action 0 cli command "copy /noconfirm running-config scp://username:password@192.168.10.45/REGION/ASA/CONFIG_CHANGE_BACKUP/ASA-FWL_BACKUP_BEFORE_CONFIG_CHANGE"
output none
!
event manager applet DAILY_RUN_CONFIG_BACKUP
event timer watchdog time 86400
action 0 cli command "copy /noconfirm running-config scp://username:password@192.168.10.45/REGION/ASA/RUN/ASA-FWL_RUN_CONFIG"
output none
!
event manager applet DAILY_STARTUP_CONFIG_BACKUP
event timer watchdog time 86430
action 0 cli command "copy /noconfirm start scp://username:password@192.168.10.45/REGION/ASA/START/ASA-FWL_START_CONFIG"
output none
!

 

 

Even when trying to manually copy the run config using scp, we get a partiall config. We are using SolarWinds SCP Server and are successfully able to transfer run / start configs in their entirety to the SCP Server.

 

Ideas?????????

0 Helpful
6 Replies 6

TW80CJ5
Level 3
Level 3

‎08-23-2021 01:25 PM

OK.....when I do the manual copy of a run config to the scp server, the CLI says it copies 109284 bytes to the SCP Server, which is the full file size. I transferred the same file using ASDM File Transfer utility and verified that its a full config.

 

Makes me think its not the ASA....

 

My Router and Switch are sending full configs. Full Router config is approx 45 KB. Full Switch config is approx 121 KB.

0 Helpful

Georg Pauwen
VIP
VIP

‎08-23-2021 02:15 PM

Hello,

 

the default maxrun timer of an EEM applet is 20 seconds. Although it is somewhat unlikely that the SCP transfer takes longer than that, you might want to try and set it to something higher, e.g.:

 

event syslog id 605005 occurs 1 maxrun 60

0 Helpful

TW80CJ5
Level 3
Level 3
In response to Georg Pauwen

‎08-23-2021 02:21 PM

Thanks for the suggestion, however it is not an option via CLI...
How can I incorporate the max run 60 with my configuration????
0 Helpful

Georg Pauwen
VIP
VIP
In response to TW80CJ5

‎08-23-2021 02:29 PM

Hello,

 

I don't recall exactly where you can add that, it is one of the lines in your applet, check:

 

event timer watchdog time 86400 maxrun 60

0 Helpful

TW80CJ5
Level 3
Level 3
In response to Georg Pauwen

‎08-23-2021 02:56 PM

Maxrun 60 does not appear to be an available command on the ASA.
0 Helpful

Georg Pauwen
VIP
VIP
In response to TW80CJ5

‎08-23-2021 03:12 PM

Hello,

 

my bad, it is not available on the ASA, you are right.

 

What is the output of:

 

debug event manager

 

?

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card