
CSM 4.1 - ASA Configuration Backup Files via TFTP

mleiby
Level 1

I'm fairly new to CSM so this may be a newbie question. In the "old days" we would write mem to save the running config to startup, then write net to save the running config to a defined file on a TFTP server. But now that we use CSM, there is no write net function that happens during the process of deploying a change to the config. The actual config is saved in CSM somewhere since we are actually making changes to it before deploying a change, right? But it's not in a format where I could replace a failed ASA by "copy tftp startup-config"?

I read where you can "Preview Configuration" and then Copy/Paste the "ASA(Full)" configuration, but there is a major flaw in that plan. The displayed output hides all of the passwords, i.e. enable, passwd, tacacs+ or radius keys, local username password. Besides, Copy/Paste has never been the best option to initially configure, or to replace a failed unit. All you are doing is hoping the running config isn't interfering with what you are pasting. (The Factory Config for DHCP comes to mind.)

Is there a function where I can export the entire configuration to a file that is the complete startup configuration? Or, is there a function I could enable to have the ASAs periodically "Write Net"?

Accepted Solutions

Todd Pula
Level 7

You could configure a FlexConfig for one or more ASAs in order to execute the copy command before and/or after a config push.  I just tested this on my CSM 4.2 server and it worked.  You will want to use the /noconfirm option so that the end device doesn't present interactive prompts to CSM.


Todd,

Thanks for the post. I did try a "write net" like this previously, but I thought it was a once and done thing. I just tested this again and it sure does run this every time a change is deployed. Excellent! BTW, the "write net" Flex Config works best for me since I already have my TFTP Server information configured on each firewall.

     So, does this mean that all Flex Configs are applied again and again each time a change is deployed?

In the current versions, the Flex Config is prepended/appended during each deployment.  In the upcoming 4.3 release, you will have the option to deploy each time or only when a FlexConfig is new or modified.
