cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 12

Where can I get a device template for a Cisco ASA 5520 that will give me a "more system:running-config"?

Jump to solution

I am backing up a Cisco ASA 5520 which is acting as a VPN firewall, problem is the config NCM is downloading for me is not enough. A "show run" command does not display enough information for me such as pre-shared keys. It's my understanding that NCM uses device templates to know what commands to run on a device it's backing up. So in the Edit Properties page for a node in the Communication box where the deice template drop down list is we usually leave it to auto determine, I know this tells NCM to find the correct OID on the device to determine what type of template to use.

NCM is obviously finding the correct template for the device in question here's the commands...

<Commands>

        <Command Name="RESET" Value="terminal pager 0"/>

        <Command Name="Reboot" Value="reload noconfirm"/>

        <Command Name="EnterConfigMode" Value="config terminal"/>

        <Command Name="ExitConfigMode" Value="quit"/>

        <Command Name="Startup" Value="startup"/>

        <Command Name="Running" Value="running"/>

        <Command Name="DownloadConfig" Value="Show ${ConfigType}"/>

        <Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>

        <Command Name="DownloadConfigIndirect" Value="write net ${StorageAddress}:/${StorageFilename}"/>

        <Command Name="UploadConfigIndirect"/>

        <Command Name="EraseConfig" Value="write erase${CRLF}Yes"/>

        <Command Name="SaveConfig" Value="write memory"/>

        <Command Name="Version" Value="show version"/>

    </Commands>

</Configuration-Management>

The command I am sure NCM is using is <Command Name="DownloadConfig" Value="Show ${ConfigType}"/> I am sure. How would I go about getting the command

"more system:running-config"? Could I alter the device template or where could I get one that would suit. What is the usual practice for this? I'm sure I'm not the first person to encounter this issue.TIA

Labels (1)
1 Solution

fatset5,

Have you tried using these lines in your device template?

        <Command Name="Startup" Value="show startup"/>

        <Command Name="Running" Value="more:system running"/>

        <Command Name="DownloadConfig" Value="${ConfigType}"/>

I just verified in my own environment that the three above lines work.

View solution in original post

12 Replies
Level 9

Noobes & Michael -

Not sure if you've already gotten this issue resolved but we had a similar concern with config backups on our ASA 5520, plus an additional issue.

First, the bigger annoyance to me to was that a "show running-config" on an ASA is, or at least was, paginated so copies of my downloaded config would contain a blank line ever 20-25 lines because that's were a --- more --- would have shown up if I was viewing it from the command line. Anytime we updated the config those blank lines would move around and that made the configuration change reports very difficult to read.

Second, we also noticed that the config that we had saved was not a configuration that could be loaded back into a hardware replacement device due to the lack of keys, passwords, etc.

Our solution: We changed from an SSH download of the config to a TFTP download of the config. If you're looking at the template, that's the difference between DownloadConfig and DownloadConfigIndirect. That cleared up both of the issues I mentioned above. To do that I set the following values within the node NCM connection profile properties:

Execute Scripts Using:  SSH

Request Configs Using:  SSH

Transfer Configs Using:  TFTP

I hope that helps.

Ben

Thanks for your feedback Bene - very helpful.

With regards to initiating the TFTP dump - what script did you run on NCM to get it to transfer the more:running-config as opposed to the running-config?

Many thanks once again,

Michael

Michael -

Not a script really. If you look at the device template you'll see the following line:

<Command Name="DownloadConfigIndirect" Value="write net ${StorageAddress}:/${StorageFilename}"/>

When I set the connection profile "Transfer Config Using" value to TFTP it ends up logging into the ASA via ssh and executing a "write net [tftp server IP address]😕[temporary file name]" command. That command TFTP's a copy of the config to a temporary file on the TFTP server and then sucking it into the NPM/NCM database, before deleting that temporary file.

I guess the caveat is that you have to have a TFTP server running on the Solarwinds server. We happen to have that running because we use it as a location for software image uploads, etc.

We have actually switched to TFTP config backup on probably 20% of our NPM/NCM nodes to either correct an issue (e.g. Dell switches) or to allow for some screwball task we were trying to accomplish (template file generation and download).

I hope that helps.

Ben

Hello Michael / Ben / noobes,

I ran into the same issue and this is the only way I got by it. I modified this template "Cisco Adaptive Security Appliance-1.3.6.1.4.1.9.1.669.ConfigMgmt-Commands" to use "more system:running config". I changed all my ASA nodes from "Auto Determine" to "Cisco Adaptive Security Appliance". This backs up the running configuration with the PSKs. All my other Cisco Devices have their templates set to "Auto Determine" and they use the "Cisco IOS-1.3.6.1.4.1.9" template.

The only draw back to this I see if I cannot download the startup configs from any of my ASAs anymore. I get "Connectivity issues, discarding configuration (or configuration is too short)".

This is because there is no "more system:startup-config" command. I think I can live with this for now but if anyone has a work around to where I can get my startup configs by using the same template, please share.

Cisco Adaptive Security Appliance-1.3.6.1.4.1.9.1.669.ConfigMgmt-Commands

<!--SolarWinds Network Management Tools-->

<!--Copyright 2007 SolarWinds.Net All rights reserved-->

<Configuration-Management Device="Cisco ASA" SystemOID=" 1.3.6.1.4.1.9.1.669">

  <Commands>

  <Command Name="RESET" Value="terminal pager 0"/>

  <Command Name="Reboot" Value="reload noconfirm"/>

  <Command Name="EnterConfigMode" Value="config terminal"/>

  <Command Name="ExitConfigMode" Value="quit"/>

  <Command Name="Startup" Value="startup-config"/>

  <Command Name="Running" Value="running-config"/>

  <Command Name="DownloadConfig" Value="more system:${ConfigType}"/>

  <Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>

  <Command Name="DownloadConfigIndirect" Value="write net ${StorageAddress}:/${StorageFilename}"/>

  <Command Name="UploadConfigIndirect"/>

  <Command Name="EraseConfig" Value="write erase${CRLF}Yes"/>

  <Command Name="SaveConfig" Value="write memory"/>

  <Command Name="Version" Value="show version"/>

  </Commands>

</Configuration-Management>

0 Kudos

fatset5,

Have you tried using these lines in your device template?

        <Command Name="Startup" Value="show startup"/>

        <Command Name="Running" Value="more:system running"/>

        <Command Name="DownloadConfig" Value="${ConfigType}"/>

I just verified in my own environment that the three above lines work.

View solution in original post

Ok I got it to work. I am also considering a sho run all instead of the more system: running. We'll see how it goes Thanks!

0 Kudos

Download and save the attached file to the \Program Files "(x86)\SolarWinds\Orion\NCM\DeviceTypes" folder and try it. I do not think the "sh run all" command shows pre-shared keys for ASAs with site-2-site VPN tunnels but let me know your results.

0 Kudos

Thanks sixmill. That definitely seems like it would work. I will edit and post the results after the next scheduled job runs.

0 Kudos

Sixmill,

It worked! Thanks for your help.

0 Kudos

Ok I have this same problem and I have found the canned templates to use in device properties, but how are you guys making or getting this custom device template? I think I found it here: D:\Program Files (x86)\Solarwinds\Orion\NCM\DeviceTypes  Cisco Adaptive Security Appliance-1.3.6.1.4.1.9.1.669.ConfigMgmt-Commands

Hi Noobes,

Did you ever get to the crux of this? I am experiencing the same challenge.

If not let me know and I will keep you in the loop of any progress that I make.

Cheers,

Michael

0 Kudos

Using these lines as suggested worked for me

   <Command Name="Startup" Value="show startup"/>

        <Command Name="Running" Value="more:system running"/>

        <Command Name="DownloadConfig" Value="${ConfigType}"/>

0 Kudos