[c-nsp] How to easily and securely pull configuration from aPIX/ASA
Justin M. Streiner
streiner at cluebyfour.org
Wed Dec 5 13:36:11 EST 2007
On Wed, 5 Dec 2007, Eric Van Tol wrote:
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marc Haber
>>
>> Actually, I do not care about seeing the keys, I care about pulling
>> the configuration from the box in an automated, secure way with least
>> possible privileges.
>
> I could be wrong, but I believe that the PIX/ASA configuration can be
> seen via the internal web server. It's encrypted via SSL, so a wget
> should work, if it's compiled with SSL support.
The last time I had to do this I ended up writing an expect script to log
into the device and pull the config down that way. At the time there
wasn't a way to initiate the download using SNMP and SCP.
It was ugly, but it worked once I wrote in some better error-handling :)
jms
More information about the cisco-nsp
mailing list