Hi,
Has anyone had any luck in getting NCM to backup the system context of multi-context ASA? The admin and firewall contexts can be referenced by IP and hence backed up, but the system context not so.
Thanks in advance.
Regards,Rob
See this post:
Thats something we are needing. We have four 5540s and are working on making sure the system and the rest of the context configs are downloaded.
whitejcdc--
Did you read the thread that Chris La Pointe put in his post just above yours? Did this address your issue? Let me know.
M
Hi All,
Thanks for the comments. I now have it working via both the comments from Chris and a point in the right direction from Suryanto.
For the less-familiar-with-NCM of us, myself included, may I point out a few extra things for us un-educated folk
1. Copy the ASA template from C:\Program Files\Solarwinds\Configuration Management\DeviceTypes to a new file: eg.Cisco Adaptive Security Appliance Version 8-1.3.6.1.2.1.1.7.0.ConfigMgmt-Commands
2. Edit the new file to update SystemOID to something like: SystemOID=" 1.3.6.1.2.1.1.7.0"
3. Change the <Configuration-Management Device="Cisco ASA version 7" to something new, e.g. <Configuration-Management Device="Cisco ASA Sys Context"
4. Change the <Command Name="RESET" Value="terminal pager 0"/> line to:
<Command Name="RESET" Value="changeto context system" RegEx="hostname#"/> !! replace hostname with yours
5. Save the new file
6. Create a new node in NCM pointing to the admin context of the ASA, but change its name to something reflecting the System context: e.g. CiscoASA1/Sys
7. Edit the node and change "Device Command Template" under the "Communication" section to use the newly created named template ("Cisco ASA Sys Context" from above), rather than the Auto Determine option
Awesome news rjbruce! And thanks for sharing your solution.
I had not Marie. I just ran across that thread yesterday and my FW counterpart needs to get involved too. I will use that thread and rjbruce's info a see if we cant get ours working. We plan on really stressing these ASAs for multiple client segregated access, in multiple locations even. Right now, our first set are a pair that failover to each other. These are designed to be our main ingress for all of our new clients who want to own their own equipment and private line connection on our site. Thanks and I'll report back!
Thanks whitejcdc for updating me on your status. I don't know if this is helpful but here are two additional posts on ASA.
Thx,
Mine still isn't working. Below is one of my configs:
I've tried this with the following lines:
<Command Name="RESET" Value="changeto context system" RegEx="lcaoff1/admin#"/>
<Command Name="RESET" Value="changeto context system" RegEx="lcaoff1#"/>
<Command Name="RESET" Value="changeto context system" RegEx="${SysName}#"/>
When I go to download the config it just sits there saying "receiving data"
Any ideas? I have about 200 firewalls to import and I cannot create a new template for each one. I wanted to use the variable SysName, but that nor the firewall name works.
<!--SolarWinds Network Management Tools-->
<!--Copyright 2007 SolarWinds.Net All rights reserved-->
<Configuration-Management Device="Cisco ASA Sys Context" SystemOID=" 1.3.6.1.2.1.1.7.0">
<Commands>
<Command Name="Reboot" Value="reload noconfirm"/>
<Command Name="EnterConfigMode" Value="config terminal"/>
<Command Name="ExitConfigMode" Value="quit"/>
<Command Name="Startup" Value="startup"/>
<Command Name="Running" Value="running"/>
<Command Name="DownloadConfig" Value="Show ${ConfigType}"/>
<Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>
<Command Name="DownloadConfigIndirect" Value="write net ${StorageAddress}:/${StorageFilename}"/>
<Command Name="UploadConfigIndirect"/>
<Command Name="EraseConfig" Value="write erase${CRLF}Yes"/>
<Command Name="SaveConfig" Value="write memory"/>
<Command Name="Version" Value="show version"/>
</Commands>
</Configuration-Management>
We will contact some of you to see if you are interested in testing a solution described here
