This Article explain way to back and restore configuration of ASA running on Firepower 2100 series platform. When you run ASA on Firepower 2100 platform, you have two software, FXOS and ASA on the platform. You need to backup config on both software. As on ASA 9.8.2, you can backup ASA config using Copying "show running-config". FXOS needs manual configuring.
Backup ASA Configuration:
ASA Configuration can be backup with any one of below items.
1) Copy running-config ftp:/scp:/smb:/tftp: (Copying ASA running configuration to ftp, scp, SMB, tftp, through Management or any of data interfaces)
2) Copy startup-config ftp:/scp:/smb:/tftp: (Copying ASA running configuration to ftp, scp, SMB, tftp, through Management or any of data interfaces)
3) Simply copy (show running-config) and paste to text file
Restoring ASA Configuration:
Restoring ASA config to ASA can be either of below steps.
1) Simply copy past ASA config file on ASA console/Terminal.
2) Copy ftp:/scp:/smb:/tftp: running-config
FXOS Configuration Backup & Restore:
Since FXOS on FP2100 doesn't have backup option, all configurations need to be noted down manually. "show tech-support fprm" can be also used, which have some of below configuration. You may use FCM Firepower Chassis Manager or FXOS CLI to configure below parameters.
Firepower Chassis Manager: https://<FXOS-IP>
Management IP address for FXOS: firepower-2110#Scop fabric-interconnect a firepower-2110 /fabric-interconnect #set out-of-band static/DHCP
DNS Config: firepower-2110#Scope system firepower-2110 /System#Scope Services firepower-2110 /system/services # create dns
CSCvh91118 implies (but doesn't explicitly state) that from ISE 2.4 patch 6, you can permanently enable the Disclose invalid usernames option. The pop-up help has also removed references about this option being limited to 30 minutes. This option...
Hello, Can you please help me understand the difference between the commands:clear crypto sa&clear crypto session I understand that clear crypto sa will clear all SA's (phase 1 and phase 2) for a specific peer if you choose. I am understandi...
I am trying to set up site to site IKEV2 tunnel between ISR 4351 and ASA. When I do debug crypto ikev2 protocol 255, I can see there is a problem:"IKEv2-PROTO-2: (1629): Error in retrieving config mode data to send".Here are the full debug logs from ...
we have a connection from LAN port to IP phone (Yealink) then to a dell docking station for wired. we have a user using dell docking station, but when he undock to wireless access to meeting, back to desk plug backto the docking, network connection i...
Hi Guys, We have one pulblic ip address and two web server located in DMZ zone. We want to configure load balancing or load sharing for server availability. Kindly suggest how can we configure load balancing for web servers on ASA 9.6 without a...