PIX/ ASA Pre Shared Keys

Hi Guys,

Does anyone know if it is possible to backup PIX/ ASA configurations to include the PSK when using NCM. I know how to do this via tftp???

Thanks in advance.

Stacky

Find more posts tagged with

backup

asa

pix

tftp

psk

Accepted answers

moyzan

I think I found out what's wrong. We're using PIX 501 version 6.3 and the "more system:running-config" is just for version 7. I tried to login directly to my PIX and couldn't run that command. I think I'll settle with a show run for now...

All comments

Yann

Hi,

The PSK will only appear if you backup the conf by TFTP or if you issue the more system:running-config command.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00807f2d37.shtml

You can either configure NCM to download the configuration through TFTP or modify the device template to send the more system:running-config command instead of a show running-config.

How to configure NCM to download the configuration using the TFTP transfer protocol?

Start > All Programs > SolarWinds Orion Network Configuration Manager > Orion Network Configuration Manager.

Right-Click on your PIX/ASA and select Edit Selected Node...

In the Device Details tab, scroll down to the Communication section.

Configure it to use TFTP for the "Transfer Configs Using" option. Use Telnet or SSH to request the config.

How to modify the Device Template to issue a different command ?

Open it in notepad. Device Templates are located in \Program Files\SolarWinds\Configuration Management\DeviceTypes\ .

Ex for the Cisco Pix Firewall 520 template:

Edit it from:

To:

Save it and restart NCM. Try to download the config and see if it works.

Enable the session trace if it fails to further troubleshoot:

In NCM, go to File -> Settings.
Scroll to the end of the list on the left, and under Advanced, you should see "Session Tracing". Click this option.
In the pane on the right, check the "Turn on Session Tracing" checkbox, then click OK.
Remember to uncheck this when the tests are complete.
This will save the trace file in c:\program files\solarwinds\configuration management\Session-Trace

HTH,

Yann

stacky

Hey Yann,

Thanks for the excellent reply. We are going to try this out, but i am sure it will work.

Regards

Stacky

moyzan

I'm having the same problem. I tried Yann's solution but it didn't work. I modified the template and it gives me a connectivity error when attempting to download the configs. I enabled the trace but can't really say what's wrong by looking at it. Should I open a ticket for this?

moyzan