Manage multiple Cisco ASAs

Hi everyone,

I'm managing multiple Cisco ASAs, ranging from 5555X to 5505, and all in between. Currently I am using the GitHub project Oxidized for configuration backup and pushing to GitLab for changelog and storing of configuration. (https://github.com/ytti/oxidized) This project also takes care of my other units.

I am still struggling with managing configuration changes when access lists, NAT rules and crypto maps change. What are people using for this? Is there any way, for example, to easily deploy a new access rule to several devices at the same time?

ASDM is OK for one device, but there must be something easier.

Thanks in advance

Jon

Please rate as helpful, if that would be the case. Thanks
Accepted Solutions

Oliver Kaiser
Level 7

Cisco CSM could be used to do this. In the future it will be Firepower Management Center when all ASAs run FTD.

If you are into OSS and automation, you could take a look at the Ansible modules for ASA. Since ASA provides a REST API that has CRUD operations for ACL & NAT, it can be used to automate changes.


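Whichever tool ends up pushing the change (CSM, Ansible, the REST API), one access rule rarely applies identically to every ASA. The Python below is an added example, not code from any poster or from Oxidized: it checks a proposed ACE against backed-up running-configs, such as the ones Oxidized stores in Git, and reports per device whether appending it is safe. Device names, ACL names and addresses are constructed, and the port-name table covers only a few well-known ports.

```python
import re

# ASA shows well-known ports by name in the running-config (e.g. 443 as https).
PORT_NAMES = {"22": "ssh", "25": "smtp", "80": "www", "443": "https"}

def normalize(line):
    """Collapse whitespace and rewrite 'eq <number>' to the name ASA prints."""
    line = " ".join(line.split())
    return re.sub(r"\beq (\d+)\b",
                  lambda m: "eq " + PORT_NAMES.get(m.group(1), m.group(1)), line)

def flip(ace):
    """Same match criteria with the opposite action, used to spot conflicts."""
    if " extended permit " in ace:
        return ace.replace(" extended permit ", " extended deny ", 1)
    return ace.replace(" extended deny ", " extended permit ", 1)

def plan(rule, backups):
    """Return {device: action} for appending `rule` to each backed-up config."""
    want = normalize(rule)
    acl = want.split()[1]                      # access-list <name> extended ...
    result = {}
    for device, config in backups.items():
        aces = [normalize(l) for l in config.splitlines()
                if l.split()[:2] == ["access-list", acl]]
        if not aces:
            result[device] = "skip: ACL not defined"
        elif want in aces:
            result[device] = "present"
        elif flip(want) in aces:
            result[device] = "conflict: opposite action exists"
        elif f"access-list {acl} extended deny ip any any" in aces:
            result[device] = "shadowed: append lands after deny ip any any"
        else:
            result[device] = "add"
    return result

# Constructed sample configs standing in for Oxidized backups (not real devices).
BACKUPS = {
    "asa-5555x": "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq https\n",
    "asa-5505": "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.20 eq www\n",
    "asa-5516": "access-list OUTSIDE_IN extended deny tcp any host 192.0.2.10 eq https\n",
    "asa-5525": "access-list OUTSIDE_IN extended deny ip any any\n",
    "asa-5506": "access-list DMZ_IN extended permit ip any any\n",
}
RULE = "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443"

if __name__ == "__main__":
    for device, action in plan(RULE, BACKUPS).items():
        print(f"{device:10} {action}")
```

Only the devices reported as `add` should receive the line; the `conflict` and `shadowed` cases need a human decision about rule order before anything is pushed.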
mattjones03
Level 1

Hi Jon,

I find that Device Expert by Manage Engine is great for this type of thing.

Should tick all the boxes for the criteria you have mentioned.

Dennis Mink
VIP Alumni

SolarWinds Network Configuration Manager can do this.

You basically create a file with all the configuration changes and apply that to devices x.y.z at time T.

It's very easy to use and costs around AU$1300 / year for 200 node licenses.

Please remember to rate useful posts, by clicking on the stars below.

nspasov
Cisco Employee

All very good suggestions here. I would also suggest adding Cisco's Defense Orchestrator (CDO) to the list. It is pretty new and lacks many features, but it seems like with the latest update/version Cisco has added a lot of new features:

http://www.cisco.com/c/en/us/products/security/defense-orchestrator/index.html

Thank you for rating helpful posts!
