
ASA and the boot config command from CLI

FlorianCokl
Level 1

Hello Guys

I wanted to use this forum to collect experience from others about using the boot config command, i.e. setting a boot variable to load from a different config file.

Here is what I've found out:

Usually the startup-config is NOT visible on the ASA. Once you set the boot variable (either through CLI or ASDM) the startup-config becomes "just visible" in flash.

I recently had a situation - needed to change IP addresses and routing on the outside interface of an ASA without having access to the console - just SSH and/or ASDM. Here is what I've found out - what I did.

  1. Copied some text-file to the flash
  2. Saved the running-config
  3. Changed the boot-variable to the name of "some text-file"
  4. Saved the running-config

Now - the "some text-file" in flash would be overwritten with the actual running-config of the ASA - ok.

Try this at home, in the lab, with an ASA you have access to via console-cable! Let's do the following:

  1. Download the now filled with running-config "some text-file" to your local PC
  2. Make the changes you wanted in that text-file
  3. Upload the changed "some text-file" back to ASA i.e. overwrite the existing one in flash
  4. Reload the Device
  5. Watch carefully the CLI!

What you're going to see - well - forget what you see through the boot process. The more interesting part is: will my changes come into play, i.e. will I see them now in the running-config?! No I won't! Why? There's this little innocent line at the end of your startup-config "..crypto checksum.." - which I believe is the "culprit".

What could you do instead? Well - create a text-file with exactly the commands you need, to change, what you want to be changed. In my case change interface configuration of the outside and routing (no route.. and route ....)

  1. Upload this file to flash
  2. Connect via CLI
  3. Copy the text-file to running-config (copy <name of file> running-config)
  4. Hope that you hadn't made a mistake ;-)

I thought that the running-config would be overwritten - hm - it's merging, to be true. The ASA would only alter the parts of running-configuration that I had mentioned in the file I had uploaded to flash and copied to running-config. Save your config ;-)

Has anybody an idea how you would be able to use the boot config boot-variable to actually force the ASA at next reload to come up with a, let's say, totally different configuration?! Let's say we change the working mode of the ASA from routed to transparent! Hint: crypto checksum of the config-file?!

Looking forward to your answers.

Cheers
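
The merge procedure from the post (upload a file with only the changed commands, then copy it to running-config), written out as an added example that is not part of the original post. The file name, interface name, and addresses are constructed placeholders, and the scheduled `reload in` safety net is an addition the post does not mention.

```cisco
! ---- outside-change.txt (hypothetical file name, uploaded to disk0:) ----
! Contains only the commands that must change. Everything else in the
! running-config is left untouched because the copy merges, it does not replace.
! Addresses are constructed examples from documentation ranges.
no route outside 0.0.0.0 0.0.0.0 192.0.2.1
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.252
route outside 0.0.0.0 0.0.0.0 198.51.100.1

! ---- on the ASA, over SSH ----
! Added safety net: schedule a reload while the saved configuration is still
! the known-good one. If the change locks you out, the unsaved running-config
! is discarded at reload and the device comes back with the old addressing.
reload in 15

! Merge the change file into the running-config.
copy disk0:/outside-change.txt running-config

! Reconnect on the new address and verify before committing.
show interface ip brief
show route

! Only once the change is confirmed: cancel the pending reload and save.
reload cancel
write memory
```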
