Remote Access VPN Policy - Accidental Deletion from FMC

GreenAnt
Level 1

Hi all,

I won't bore you with the full story, but I accidentally deleted a policy from our FMC (Devices > VPN > Remote Access).

I have not Deployed it, so I'm assuming that the policy is still in place on the Firewall itself.

However, I do not know how to get that policy back. Does it need to be restored from a backup, or can I get it back from the Firewall in some sort of "Reverse Deploy" scenario?

We have a partner that usually helps with this stuff, but they are not returning my calls (I'll most likely drop them after this and get another partner). I'm just concerned that there might be an automated backup that might overwrite our previous one (or even worse an automated deployment that will prevent VPN access) by the time these guys respond to me.

Is there an easy way to reverse my stupid mistake, or do I have to do a full restore from backup?

 

1 Accepted Solution

Marvin Rhoads
Hall of Fame

A full FMC restore would get it back. Unfortunately there's no feature such as an "incremental restore" to get back only what was inadvertently deleted.

You could also rebuild it in FMC using the relevant sections of the running-config as your guide (show running-config webvpn, tunnel-group, group-policy etc.). Do a diff of the running-config text file before and after you redeploy to make sure you got everything.
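
The before/after comparison suggested in this answer, as an added example that is not part of the original post: it keeps only the RA VPN blocks of two saved running-config text captures and reports the lines that differ. The function names and the sample configs are constructed for illustration, and including `ip local pool` alongside the sections the answer names is an assumption.

```python
import difflib

# Constructed sample of a saved running-config (not taken from the thread).
BEFORE = """\
hostname ftd-lab
ip local pool RA_POOL 10.10.50.1-10.10.50.200 mask 255.255.255.0
webvpn
 enable outside
 anyconnect enable
group-policy RA_GP internal
group-policy RA_GP attributes
 dns-server value 10.10.1.10
 vpn-tunnel-protocol ssl-client
tunnel-group RA_TG type remote-access
tunnel-group RA_TG general-attributes
 address-pool RA_POOL
 default-group-policy RA_GP
"""
# Constructed "after rebuild" capture: one VPN line was missed, one unrelated line changed.
AFTER = BEFORE.replace(" dns-server value 10.10.1.10\n", "").replace("ftd-lab", "ftd-lab2")

# webvpn, tunnel-group and group-policy are the sections named in the answer;
# "ip local pool" is an added assumption so address pools are compared too.
PREFIXES = ("webvpn", "tunnel-group ", "group-policy ", "ip local pool ")

def vpn_sections(config_text, prefixes=PREFIXES):
    """Return every matching top-level command plus its indented sub-commands."""
    kept, inside = [], False
    for line in config_text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue                      # skip blank lines and "!" separators
        if not line[0].isspace():         # top-level commands start in column 0
            inside = line.startswith(prefixes)
        if inside:
            kept.append(line.rstrip())
    return kept

def changed_lines(before_text, after_text):
    """Lines removed (-) or added (+) within the VPN sections; empty means a match."""
    diff = difflib.unified_diff(vpn_sections(before_text), vpn_sections(after_text),
                                "before", "after", lineterm="")
    return [l for l in diff
            if l.startswith(("+", "-")) and not l.startswith(("---", "+++"))]

if __name__ == "__main__":
    for line in changed_lines(BEFORE, AFTER):
        print(line)
```

An empty result means the rebuilt policy produced the same VPN sections as the original capture; changes outside those sections, such as the hostname here, are ignored.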


3 Replies

Thanks for the reply. 

That, unfortunately, confirms my suspicions. Since I still haven't heard back from our useless Network partner.

I'll see if I can get a running-config and rebuild. Though the FMC rebuild might be less painful, assuming the Network guys have been doing regular backups...

If I were in your position, I would rebuild the RAVPN ASAP; that might be faster than waiting for your service provider. I think the only important things that you need are the certificate and the address pool, which are most likely not deleted and most probably still saved in your FMC. You just need to point to them in your configuration.
