Solved: ASA to work with RANCID

johnlloyd_13 · ‎01-04-2015

hi all,

i tried to poll one of our ASA to our RANCID server but it seems not working.

it seems only cisco routers, switches and APs are being polled.

has anyone tried RANCID to backup the config on an ASA?

Marvin Rhoads · ‎01-05-2015

John,

On ASAs (at least before 9.2 which introduced the "auto-enable" keyword to extend the "aaa authentication" setting) you always have to enter the "enable" command after authenticating to move from user exec to enable mode.

That behavior is unlike switches and routers which allow you to drop straight into enable mode (# prompt).

View solution in original post

Marvin Rhoads · ‎01-05-2015

We were using it at a previous employer to backup all our network devices, including several ASAs.

I believe you need to tweak the .cloginrc file to tell RANCID to use "term pager 0" for ASAs (vs. the standard "term len 0" for switches and routers)

I'd also double check your enable login for the ASA in the RANCID config.

johnlloyd_13 · ‎01-05-2015

hi marvin,

thanks for this info! guess i have to ask our server guy.

we're using AAA. what do you mean by "enable login" for the ASA?

Marvin Rhoads · ‎01-05-2015

John,

On ASAs (at least before 9.2 which introduced the "auto-enable" keyword to extend the "aaa authentication" setting) you always have to enter the "enable" command after authenticating to move from user exec to enable mode.

That behavior is unlike switches and routers which allow you to drop straight into enable mode (# prompt).

johnlloyd_13 · ‎01-05-2015

Marvin,

Thanks! Let me try that command before asking our server guy.

ASA to work with RANCID

IOS-XR BGP does not work

Firepower block rule doesn't work proprely.

ASA: Failover 構成時における ASA の Smart License の扱いについて

ASA: FPR1000シリーズを rommon> から ASA にリイメージする方法について

Firewall: ASA Failover，FTD HA の 'Negotiation' ステータスについて