Anyone has a standard backup policy for PIX?

cindylee27
Level 1

Hi,

Would like to check if anyone has a standard backup procedure, meaning besides "sh run, sh ver", what other commands are recommended when doing a backup of the PIX configuration?

Thanks in advance,

Cindy

Accepted Solutions

srue
Level 7

I wrote some Perl scripts I run from a Unix box that execute the 'write net' command on all my PIXes using a cron job. I'm sure most other people use some sort of commercial backup though.

To use the 'write net' command you first have to configure your tftp server using the tftp-server command.

e.g.:

firewall(config)# tftp-server inside ?
configure mode commands/options:
  Hostname or A.B.C.D     The IP address or name of the TFTP server
  Hostname or X:X:X:X::X  The IPv6 address or name of the TFTP server

firewall(config)# tftp-server inside 192.168.1.1 ?
configure mode commands/options:
  WORD < 127 char  The path and filename of the configuration file

Hi,

Don't use 'sh run' when trying to do a backup. The preshare keys for VPNs are not displayed on the PIX. 'wr net' with a tftp server is a better option.

In our company we have several 501s and don't back up each one, just write down the parameters in a database.

Raphael

The write net command, or using CiscoWorks if you have it implemented within your organisation to do your config backup periodically, is the best solution to this. It is BAD PRACTICE not to back up your system config and to be writing down parameters. You should adopt BEST PRACTICES in all you do.

flopez
Level 1

I back up the config of all our PIXes by uploading the files via TFTP. I save the configs regularly. We also back up each config before and after a new change.

Here is my script. It first reads all my PIX IPs from a file, then uses those as input to run through the script for each one. If you don't know Perl (or any other language) this might not make sense. I use a second script to tar up all of my IOS and PIX configs, which are then transferred to yet another server for long-term tape backup.

#!/usr/bin/perl -w
# Written by SRUE
# This script backs up all Cisco PIX devices via TFTP.
use Net::Telnet::Cisco;

$passwd = 'password';
$enable_passwd = 'password';

# Read the list of PIX addresses, one per line.
open (HOSTS, "/usr/local/apache2/htdocs/db/pixhosts.db") or die "Cannot open host list: $!";
@hosts = <HOSTS>;
chomp (@hosts);

foreach $pix (@hosts)
{
    my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);
    $session->prompt('/[\$%#>] $/');
    $session->login('username', $passwd);
    $session->enable($enable_passwd);
    # Save to flash, then push the config to the configured TFTP server.
    # Each command is sent on its own so the script waits for its prompt.
    $session->cmd("write mem");
    $session->cmd("write net");
}

close (HOSTS);

------------------

There's more to it than all this. I also wrote a web page where I can add/delete new IOS or PIX devices. I use Perl/CGI to add those entries to their respective files, where Perl reads them and backs them all up.

(btw, I really don't know much Perl, just the bare minimum imo.)
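A nightly 'write net' job is only useful if the files it leaves on the TFTP server are complete, so the following added example (not code from any poster in this thread) audits the backup directory for missing, empty, stale, world-readable or 'sh run'-style masked configs. The `<host>.cfg` file naming, the 26-hour freshness window, and the assumption that masked keys appear as a run of eight asterisks are all assumptions of this sketch.

```python
import os, re, stat, tempfile, time

MASKED = re.compile(r"\*{8}")   # assumed: 'sh run' prints secrets as ********
MAX_AGE = 26 * 3600             # assumed: nightly cron job plus some slack

def audit_backup(path, now=None):
    """Return a list of problems found with one saved PIX config file."""
    now = time.time() if now is None else now
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if st.st_size == 0:
        problems.append("empty")                # transfer never completed
    if now - st.st_mtime > MAX_AGE:
        problems.append("stale")                # cron job or TFTP is failing
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("readable-by-others")   # file holds real VPN keys
    with open(path, errors="replace") as fh:
        if any(MASKED.search(line) for line in fh):
            problems.append("masked-secrets")   # looks like a 'sh run' capture
    return problems

def audit_all(hosts, backup_dir, now=None):
    """Map each host to its problems; hosts with none are omitted."""
    report = {}
    for host in hosts:
        found = audit_backup(os.path.join(backup_dir, host + ".cfg"), now)
        if found:
            report[host] = found
    return report

def demo():
    """Build constructed sample backups in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed config fragments, not real device output
            "192.168.1.10": ("isakmp key EXAMPLEKEY address 10.0.0.1\n", 0o600),
            "192.168.1.11": ("isakmp key ******** address 10.0.0.1\n", 0o600),
            "192.168.1.12": ("isakmp key EXAMPLEKEY address 10.0.0.1\n", 0o644),
        }
        for host, (text, mode) in samples.items():
            path = os.path.join(d, host + ".cfg")
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit_all(list(samples) + ["192.168.1.13"], d)

if __name__ == "__main__":
    for host, problems in demo().items():
        print(host, ", ".join(problems))
```

Because TFTP has no authentication or encryption, the permission check matters: a config written with 'write net' carries the real pre-shared keys, unlike a 'sh run' capture.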
