How to restore start-up config on a pix515e (6.3)?

steve.dutky · ‎12-07-2006

Suppose that I have royally messed up my running and start-up configs:

Since configure net merges a tftp backup with the running config, I think this would make things worse.

From a console connection, I can

1. execute write erase, reload.

2. configure inside interface and route to tftp server.

3. execute configure net <tftp>:<cfg.file>

4. write mem

This appears to work, but I will need console access or potentially talk an onsite person through this.

Can anyone tell me of a more direct way to restore the start-up config?

Thanks.

Samuel8rown · ‎12-07-2006

No answer, but I'm eager to see if someone has a solution that will work for me as well. I'm running into a similar problem where I can edit the firewall context config files on my 6509's FWSM by tftp'ing them over to a server, editing them there, and tftp'ing them back. Problem is, once I get them there, there's no way to merge them with the running config.

"copy start run" generates the error message "Command not valid in current execution space". The reload command doesn't appear in the individual contexts, and I can't afford to restart the entire FWSM and shut down the hundreds of Mbps of client traffic that flows through it any time any single client needs a config update that requires this form of editing.

I suppose I should start my own thread so I can hand out rating points if anyone has the answer.

a.kiprawih · ‎12-07-2006

Try this method, for ASA 7.2:

- To copy from a TFTP server:

hostname# copy tftp://server[/path]/filename {startup-config | running-config}

i.e:

hostname# copy tftp://10.1.1.10/startup-config.cfg startup-config

- To copy from an FTP server:

hostname# copy ftp://[user[:password]@]server[/path]/filename {startup-config | running-config}

i.e:

hostname# copy ftp://admin password @10.1.1.10/startup-config.cfg startup-config

Check the status using "sh start".

You can also copy them to running config, verify, then saved as startup config:

viaTFTP -> hostname# copy tftp://10.1.1.10/startup-config.cfg running-config

via FTP -> hostname# copy ftp://admin password @10.1.1.10/startup-config.cfg running-config

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b3d6.html#wp1058567

I believed you can use the same method for multiple security context, or load (from tftp/ftp server) individual context configuration from the context itself

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b3d6.html#wp1060073

HTH

AK

a.kiprawih · ‎12-07-2006

Specific for PIX6.3, try:

tftp-server 10.1.1.10 startup-config

configure net :

Then view the loaded config file. Copy it to running config as well.

- configure net

The configure net command merges the current running configuration with a TFTP configuration stored at the IP address you specify and from the file you name. If you specify both the IP address and path name in the tftp-server command, you can specify server_ip :filename as simply a colon ( : ).

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#wp1026054

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a6.html#wp1055799

HTH

AK

steve.dutky · ‎12-08-2006

AK,

I do not understand:

"The configure net command merges the current running configuration with a TFTP configuration..."

Suppose either inadvertently or maliciously someone has inserted "network-object 0.0.0.0 0.0.0.0" into object-group network Trusted.

Does this not remain in the running config after merging in good back up from the tftp server?

If so, has does one efficiently restore to the last known good config?

Thanks, Steve

darbyweaver · ‎12-26-2006

I'm having the same challenge copying my old running-config to the startup config of the nex 515e.

I read some of the options people have mentioned and theory is great, but those options simply do not exist.

The best I have been able to do is merge my old configuration to the new configuration.