11-28-2009 12:22 AM - edited 03-10-2019 04:50 AM
Good day,
First time posting a new question. I have many customers that have ASA in HA with Dual ssm-10 or 20s. I want to know if anyone out there has a script already created that will,
1. Connect to the IPS running on the ACTIVE ASA and pull the config.
2. Run a 'Search AND Replace' for the specific IP address of the Sensor (e.g. 10.1.1.50/24 10.1.1.1) and replace it with the standby IPS' IP Address.
3. Run a 'Search AND Replace' for the 'host-name' and replace that with the standby's hostname.
4. Then TFTP the NEW config to the secondary IPS.
This would ensure that all the changes, exceptions etc. are the same on both boxes. You could then run a cron that would do this regularly. I found this code snippet online and modified it. I am in the process of teaching myself Perl since I have seen the benefits of it, but for now I fumble along. I was able to get the first part to work. It matches the IP exactly as it appears there (would be nicer to be able to look for ANY string after the host-ip).
Thanks
Manny
****** SNIPPET *******
#!/usr/bin/perl
use strict;
use warnings;
use File::Find;

my $startdir = 'c:\ips-test';
my $find     = 'host-ip 10\.1\.1\.50';
my $replace  = 'host-ip 10.1.1.51';
my $doctype  = 'txt';

print qq~Finding "$find" and replacing it with "$replace"\n~;

find(
    sub {
        return unless (/\.$doctype$/i);
        local @ARGV = $_;
        local $^I   = '.bac';
        while ( <> ) {
            if ( s/$find/$replace/ig ) {
                print;
            }
            else {
                print;
            }
        }
    }, $startdir);

print "Finished";
11-29-2009 06:47 AM
OK, here is the other piece to it. Now I am able to find and replace the IP and the Hostname however the IP gets written twice.
I am just curious if others think this would be helpful.
#!/usr/bin/perl
use strict;
use warnings;
use File::Find;

my $startdir = 'c:\ips-test';
my $find     = 'host-ip 10\.1\.1\.101';
my $replace  = 'host-ip 10.1.1.102';
my $find2    = 'host-name corpips01';
my $replace2 = 'host-name corpips02';
my $doctype  = 'txt';

print qq~Finding "$find" and replacing it with "$replace" and "$find2" with "$replace2" \n~;

find(
    sub {
        return unless (/\.$doctype$/i);
        local @ARGV = $_;
        local $^I   = '.bac';
        while ( <> ) {
            if ( s/$find/$replace/ig ) {
                print;
            }
            if ( s/$find2/$replace2/ig ) {
                print;
            }
            else {
                print;
            }
        }
    }, $startdir);

print "Finished";
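Added example, not part of the original posts: a single-pass rewrite that matches whatever value follows `host-ip` or `host-name` and returns each line exactly once (in the script above, a line changed by the first `s///` is printed, then printed again by the `else` of the second `if`). The standby values and the sample config lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Values the standby sensor should end up with (assumed for illustration).
my %standby = (
    'host-ip'   => '10.1.1.102/24 10.1.1.1',
    'host-name' => 'corpips02',
);

# Rewrite one config line. The pattern matches the keyword followed by ANY
# value, so the active sensor's address does not have to be hard-coded.
sub rewrite_line {
    my ($line) = @_;
    for my $key (keys %standby) {
        # Keep the keyword and its leading whitespace ($1), replace the rest
        # of the line up to (not including) the line ending.
        if ($line =~ s/^(\s*\Q$key\E\s+)\S[^\r\n]*/$1$standby{$key}/) {
            last;    # a line carries at most one of these keywords
        }
    }
    return $line;    # returned once, changed or not
}

# Constructed sample config lines (not a real sensor export).
my @sample = (
    "service host\n",
    "network-settings\n",
    "host-ip 10.1.1.101/24 10.1.1.1\n",
    "host-name corpips01\n",
    "telnet-option disabled\n",
    "exit\n",
);

# Every input line is emitted exactly once.
for my $in (@sample) {
    my $out = rewrite_line($in);
    print $out;
}
```

Inside the `local $^I` / `while ( <> )` loop from the posts, printing the return value of `rewrite_line($_)` once per line in place of the two `if` blocks applies the same rewrite to the files in place.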
02-03-2010 09:19 PM
Hi
Using IPS ver. 7, I found that the following procedure will do the job:
- FTP the CurrentConfig of the primary unit to an FTP server
- FTP the unchanged config file on to the failover unit.
In the process of overwriting the CurrentConfig, on the failover unit:
you will be asked if you want to overwrite IP, and Hostname – don’t ;-)
#Would you like to replace existing network
#settings(host-ipaddress/netmask/gateway/access-list) on sensor before proceeding? [no]:
05-25-2010 06:44 AM
Peter,
I will take a look at that this week. That sounds a lot more simple :-)