Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1451
Views
0
Helpful
5
Replies

ASA total configuation dump

Go to solution
darren.g
Level 5
Level 5

‎10-10-2011 05:28 PM - edited ‎03-11-2019 02:36 PM

Hi.

I'm in the process of re-working the network at my current place of employ, and I've run into a bit of an issue.

We have a pair of ASA5520 firewalls setup in a very inefficient fashion, and I wish to convert them to an active/passive cluster.

This bit is easy - blow 'em away and start from scratch.

Trouble is, there are a number of configuration option I will need to re-implement (VPN tunnels, remote users etc), and trying to capture the configuation with a simple "show running-config" or "show running-config all" or even "show startup-config" doesn't get me things like the pre-shared-key from the VPN configurations - and I don't know them all, so I can't simply re-enter them.

Is there any way to get a dump of the running (or startup) config which shows the hidden settings like pre-shared keys and OSPF message digest keys?

Thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-10-2011 05:40 PM

Darren

I have always simply copied the config to a tftp server. This shows the preshared keys in plaintext (not sure about OSPF message digest) but you could also try this -

https://supportforums.cisco.com/docs/DOC-5749#comment-1299

never done it myself but looks like it should work.

Jon

View solution in original post

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-10-2011 05:42 PM

Hello Darren,

Use the following command to find that:

               -    more system:running-config

With this you are going to be able to see the pre-shared keys in clear text.

Hope this helps,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-10-2011 05:40 PM

Darren

I have always simply copied the config to a tftp server. This shows the preshared keys in plaintext (not sure about OSPF message digest) but you could also try this -

https://supportforums.cisco.com/docs/DOC-5749#comment-1299

never done it myself but looks like it should work.

Jon

0 Helpful

Go to solution
darren.g
Level 5
Level 5
In response to Jon Marshall

‎10-10-2011 05:53 PM 

jon.marshall wrote:
Darren 
I have always simply copied the config to a tftp server. This shows the preshared keys in plaintext (not sure about OSPF message digest) but you could also try this - 
https://supportforums.cisco.com/docs/DOC-5749#comment-1299
never done it myself but looks like it should work. 
Jon

Jon.

Thanks, but I should have clarified - I can't get the configuration from this to a TFTP server for reasons too complicated to go into - but related to WHY I'm trying to blow the damn thing away and start again from scratch.

The link gave the same solution as Julio's did, and it worked fine - appreciate the input.

Darren

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-10-2011 05:42 PM

Hello Darren,

Use the following command to find that:

               -    more system:running-config

With this you are going to be able to see the pre-shared keys in clear text.

Hope this helps,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
darren.g
Level 5
Level 5
In response to Julio Carvajal

‎10-10-2011 05:52 PM

Julio.

Excellent, that one gave me exactly what I needed! Thanks a bunch!

Darren

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to darren.g

‎10-10-2011 05:55 PM

Hello Darren,

I am glad it worked. Hope you have a great day.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card