Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
5
Helpful
3
Replies

Backup ASA config through VTI VPN Tunnel

PiotrM
Level 1
Level 1

‎10-30-2020 04:39 AM

Hello,

 

I would like to automate backups of our ASA devices that are installed in remote locations. I want to backup them using Ansible, so the Ansible host will be connecting to the ASA and running backup command to backup config to a FTP server. I'm using the following command:

backup /noconfirm interface {if-name} location ftp://{user}:{password}@{ftp-server-ip}/{location}/{filename}

 

The problem is that the ASA has to save config thorugh VTI VPN tunnel and when it's trying to copy the file to the ftp server it's using VTI interface IP address even if I use the interface option in the backup command. I can't force ASA to use any other interface IP address.

 

Is it possible to do this somehow or the only way is to add routing to the VTI interface IP address on my side?

 

Thank you,

Piotr

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎10-30-2020 05:36 AM

Hello,

 

an alternative would be the use a simple EEM script. The one below backs up your config each day at 8PM. The IP address in the example needs to be changed to reflect your FTP server:

 

event manager applet BACKUP_CONFIG
description Backup-Running-Config-To-FTP
event timer cron cron-entry "0 20 * * *"
action 0.1 info type routername
action 1.0 cli command "enable"
action 1.1 cli command "copy run ftp" pattern "Address"
action 1.2 cli command "192.168.1.2" pattern "filename"
action 1.3 cli command "$_info_routername-config_$_event_pub_sec"
action 2.0 syslog priority informational msg "Configuration successfully written to FTP server"!

PiotrM
Level 1
Level 1
In response to Georg Pauwen

‎10-30-2020 06:32 AM

Thank you for this info, but the problem is not that Ansible method doesn't work, because it does on our local ASA (in the same office where the FTP server is). The problem is that ASA is trying to save config to FTP is using VTI interface IP address as source IP address instead of specified interface IP address

0 Helpful

paul driver
VIP
VIP

‎10-30-2020 06:39 AM - edited ‎10-30-2020 06:45 AM

Hello

This will save .cfg file to tftp server as/when the write mem is performed:
tftp-server <interface> <tftp ip> /sharename/.cfg

example:
tftp-server OUT 1.1.1.1 /backup/backup.cfg


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card