[c-nsp] How to easily and securely pull configuration from aPIX/ASA
Andrew Gristina
agristina+cisco-nsp at gmail.com
Wed Dec 5 13:55:01 EST 2007
Rancid + only use ssh.
Usually easier than writing your own scripts (not true with netscaler though)
On Dec 5, 2007 10:36 AM, Justin M. Streiner <streiner at cluebyfour.org> wrote:
> On Wed, 5 Dec 2007, Eric Van Tol wrote:
>
> >> From: cisco-nsp-bounces at puck.nether.net
> >> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marc Haber
> >>
> >> Actually, I do not care about seeing the keys, I care about pulling
> >> the configuration from the box in an automated, secure way with least
> >> possible privileges.
> >
> > I could be wrong, but I believe that the PIX/ASA configuration can be
> > seen via the internal web server. It's encrypted via SSL, so a wget
> > should work, if it's compiled with SSL support.
>
> The last time I had to do this I ended up writing an expect script to log
> into the device and pull the config down that way. At the time there
> wasn't a way to initiate the download using SNMP and SCP.
>
> It was ugly, but it worked once I wrote in some better error-handling :)
>
> jms
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list