[c-nsp] How to easily and securely pull configuration from a PIX/ASA
Marc Haber
mh+cisco-nsp at zugschlus.de
Thu Dec 6 10:50:05 EST 2007
On Thu, Dec 06, 2007 at 12:48:19AM +0000, Thorsten Dahm wrote:
> Marc Haber schrieb:
> > I am wondering what's the easiest way to pull the full configuration
> > (sans passwords/keys, if that makes things any easier) from a PIX or
> > ASA box.
>
> Use RANCID over SSH. If necessary you can change the RANCID scripts to
> work as you want.
The site already has a management tool in place, and they want just
the config pulled independently and securely, without deploying more
software. And, they have a decidedly anti-open-source stance :-(
Which access privileges would RANCID need, and how far can the RANCID
account be restricted? The administrators of the boxes are not very
keen on handing out unrestricted privilege 15 accounts to automated
processes.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190
More information about the cisco-nsp
mailing list