Solved: full ASA backup compressed file via CLI

fang-man · ‎06-14-2023

Hello,

I'm trying to find out if there is any way to get a backup of an ASA via CLI similar to the ASDM methods, The backup from ASDM includes everything from the PSKs to the anyconnect session, etc.

regards,

Rob Ingram · ‎06-14-2023

@fang-man yes you can

backup [/noconfirm] [context ctx-name] [interface name] [passphrase value] [location path]

Example:


ciscoasa# backup location disk0:/sample-backup]
Backup location [disk0:/sample-backup]?

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/admin-swconfig.html#ID-2152-000009af

Each backup file includes the following content:
- Running-configuration
- Startup-configuration
- All security images
  
  Cisco Secure Desktop and Host Scan images
  
  Cisco Secure Desktop and Host Scan settings
  
  AnyConnect (SVC) client images and profiles
  
  AnyConnect (SVC) customizations and transforms
- Identity certificates (includes RSA key pairs tied to identity certificates; excludes standalone keys)
- VPN pre-shared keys
- SSL VPN configurations
- Application Profile Custom Framework (APCF)
- Bookmarks
- Customizations
- Dynamic Access Policy (DAP)
- Plug-ins
- Pre-fill scripts for connection profiles
- Proxy Auto-config
- Translation table
- Web content
- Version information

View solution in original post

Rob Ingram · ‎06-14-2023

@fang-man yes you can

backup [/noconfirm] [context ctx-name] [interface name] [passphrase value] [location path]

Example:


ciscoasa# backup location disk0:/sample-backup]
Backup location [disk0:/sample-backup]?

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/admin-swconfig.html#ID-2152-000009af

Each backup file includes the following content:
- Running-configuration
- Startup-configuration
- All security images
  
  Cisco Secure Desktop and Host Scan images
  
  Cisco Secure Desktop and Host Scan settings
  
  AnyConnect (SVC) client images and profiles
  
  AnyConnect (SVC) customizations and transforms
- Identity certificates (includes RSA key pairs tied to identity certificates; excludes standalone keys)
- VPN pre-shared keys
- SSL VPN configurations
- Application Profile Custom Framework (APCF)
- Bookmarks
- Customizations
- Dynamic Access Policy (DAP)
- Plug-ins
- Pre-fill scripts for connection profiles
- Proxy Auto-config
- Translation table
- Web content
- Version information

MHM Cisco World · ‎06-14-2023

@Rob Ingram suggestion is better than my.

His command can you backup password and start and running config.

Thanks

MHM

fang-man · ‎06-14-2023

Thank you @Rob Ingram & @MHM Cisco World for your feedback.

fang-man · ‎06-25-2023

I just had the opportunity to build a lab and test the given command (I'm building a script to automate our internal backup job).

When using backup location tftp://ip.ip.ip.ip/backup I get a blank file in my tftp server path. no luck with renaming it to backup.zip (this is the format generated by asdm). I also tried to save it as backup.zip and backup.tar.gz (this format is mentioned in the whitepaper), but none of them seems to work. Do you guys have any idea about the output file format?

Thanks in advance.

MHM Cisco World · ‎06-25-2023

Can you share exactly the command you use

fang-man · ‎06-25-2023

the above was the exact command I used: backup location tftp://ip.ip.ip.ip/backup

After more tries and using the file name with no extension (backup), I see that with 7zip I decompress the first file (backup) which gives another file named backup, and after decompressing this second one I can see my data. Such a weird behavior compared to the asdm backup.

MHM Cisco World · ‎06-25-2023

So you sucess' this issue is solved and close?

MHM

fang-man · ‎06-25-2023

I think so. thanks for your assistance.

MHM Cisco World · ‎06-25-2023

You are so welcome