ASA 5505 - Backup and restore to another device of same model and version
How can I backup the configuration of the ASA 5505 on 8.x and restore it to another ASA 5505 with same version? I have tried to save the running config to a file and then copy it to the new device and use the boot config: filename but it doesn't work. Or is there any other way to try? Thanks.
Thanks Andrew, I had tried it but I was having issues with the fact that I kept both ver 7 and ver 8 of the OS images on the flash. So it booted from the first found (ver 7) and creating confusion for me as the config file was for ver 8.
I noticed that it keeps the 192.168.1.1 IP even though in the config file it has another IP assigned. Is there other things that I need to check that do not change apart the IP address?
Thanks.
Similar Messages
-
Dear All,
I'm using Cisco ASA 5505 Firewall and I want the email alert from my Firewall if the CPU increase more than 70 %. Is it possible, Please help me.
Thanks
VijayHi Vijay,
If can be done but you need any network management software. I personally dont think you can ask your ask to send mails. ASA can trigger alert to a SNMP configured server which will intern send mail to you
HTH, -
My camera Canon G3 (i know it's old) no longer connects to iPhoto (8.1.2) on my iMac, I have checked with my friends iMac same model iPhoto version and it works fine using my cable, I would appreciate any help getting this sorted
As a Test:
Hold down the option (or alt) key and launch iPhoto. From the resulting menu select 'Create Library'
Import a few pics into this new, blank library. Is the Problem repeated there? -
Can I restore an icloud backup of photos to another device
I had an iPhone 5 which was associated with one apple ID. The last backup was the day before I purchased the iPhone 5s. The new phone is associated with another Apple ID and backs up to the iCloud under the new Apple ID. Can I retrieve the information from the old iPhone 5 by backing it up to a spare iPhone 4 so I can retrieve photos from it? Or is there a way to get the photos from the iCloud backup to my Mac?
Unfortunately, it is not possible to get the photos of your backup directly to your Mac, but it is a good idea to use your old iPhone 4 to retreive your photos from the backup by restoring your iPhone 4.
-
Hello,
I have setup ASA 5505 with 2 ISP, named outside (primary) and backup, the scenario is if outside down, then backup will take over, it works now.
But it is not working when the primary connection cannot reach the gateway with the interface still up.
Is it possible when the primary connection cannot reach the gateway then backup automatically take over?
Thanks before..
My configuration is:
ASA Version 8.2(1)
hostname cisco
domain-name default_domain
enable password ********* encrypted
passwd ********* encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 172.10.10.10 255.255.255.0
interface Vlan3
no forward interface Vlan2
nameif backup
security-level 0
ip address 172.20.10.10 255.255.255.0
interface Ethernet0/0
switchport access vlan 1
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default domain
same-security-traffic permit intra-interface
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu backup 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (inside) 1 interface
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
access-group inside_out in interface inside
access-group outside_in in interface outside
access-group backup_in in interface backup
route outside 0.0.0.0 0.0.0.0 172.10.10.1 1
route backup 0.0.0.0 0.0.0.0 172.20.10.1 254
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 1048575
dhcpd auto_config outside
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:24af050f332deab3e38eb578f8081d05
: endHi Amrin,
you can configure SLA monitoring on ASA and that woudl work fine for you:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
Hope that helps.
Thanks,
Varun -
Cisco ASA 5505 IPSEC, one endpoint behind NAT device
We have two Cisco ASA 5505 devices.
Both are identical, however, one of them is behind a NAT device.
We are attempting to create an IPSEC network.
Site fg:
<ipsec subnet1> -- ASA 5505 (ASA1) -- <internet>
ASA1: 10.1.1.2/24 (inside), 212.xxx.xxx.xxx/28 (outside)
Site be:
<ipsec_subnet2> -- ASA 5505 (ASA3) -- Zywall USG (USG1) -- <internet>
ASA3: 10.1.4.1/24 (inside), 192.168.4.50/24 (outside)
USG1: 192.168.4.100/24 (inside), 195.xxx.xxx.xxx/30 (outside)
USG1: UDP port 500/4500 forwarded to 192.168.4.50
It seems that ASA1 stops the procedure (we verified this with debug crypto isakmp 254):
Group = 195.xxx.xxx.xxx, IP = 195.xxx.xxx.xxx, QM FSM error (P2 struct &0xd1111cd8, mess id 0x81111a78)!
Group = 195.xxx.xxx.xxx, IP = 195.xxx.xxx.xxx, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.4.50/255.255.255.255/0/0 local proxy 212.xxx.xxx.xxx/255.255.255.255/0/0 on interface outside
Group = 195.xxx.xxx.xxx, IP = 195.xxx.xxx.xxx, PHASE 1 COMPLETED
We verified / attempted the following:
- NAT excemption on both sides for IPSEC subnets
- Mirror image crypto maps
- Disabled IKE peer ID validation (yes, pre-shared key but we ran out of ideas)
- Toggled between static to dynamic crypto maps on ASA1
Most search results turned up results referring to the incorrect settings of the crypto map or the lack of NAT excemption.
Does anyone have any idea?
195.txt contains show running-config of ASA3
212.txt contains show running-config of ASA1
log.txt contains somewhat entire log snipper of ASA1Hi,
on 212 is see
tunnel-group 195.xxx.xxx.xxx type ipsec-l2l
tunnel-group 195.xxx.xxx.xxx ipsec-attributes
pre-shared-key
When you define the peer with static tunnel-group entry ASA is looking for peer configuration in static crypto map. If the peer is behind static NAT configure a proper static crypto map with matching acl and proposals.
If the peer is behind dynamic nat refer this example :http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/81883-ipsec-iosrtr-dyn-pix-nat.html
Regards,
Abaji. -
My iPad has a number of documents, including pdf, xls, doc, ppt files. Some are associated with Documents to Go - Premium, which froze on the device attempting to download an update and had to be deleted (which also deleted the files that only were on the iPad and associated witht the app). How do I restore only that app and/or the related files from the iCloud. Ans I've found so far were not clear/specific enough or seemed to indicate the entire iPad had to be restored. iOS 5.1.1
Step by step
1. Erase all contents and settings
2. You'll be asked twice to confirm
3. You'll see Apple logo and progress bar
4. You'll see a big iPad logo on screen
5. Configuration start
6. Set language
7. Set country
8. Enable Location Service
9. Select network, enter password and join network
10. You'll be given 3 options (a) Setup as New iPad (b) Restore from iCloud Backup (c) Restore from iTune Backup
11. Selected Restore from iCloud Backup
12. You'll be required to enter Apple ID and Password
13. Agree to Terms and Conditions
14. Select Backup file
15. You'll see progress bar
16. Red slider will appear; slide to unlock; step #1 to #16 is fast
17. Pre-installed apps will be restored first
18. Message: Purchased apps and media will now be automatically downloaded
19. You'll see a pageful of apps with Waiting/Loading/Installing
20. Message: Some apps cannot be downloaded, please sync with computer -
ASA 5505 Username and Password
Hi All,
I am trying to configure an ASA 5505 with a username and password. I set all the pass words:
password xxxxxxx
enable password xxxxxxx
username xxxxxx password xxxxxxx
When I reload the device it prompts me for the username, then the password and it fails and just asks for the username again. I have even tried to delete the username/password combo but it still prompts me for it. When I do password recovery the confreg is 0x00000001. I am no ASA expert and this is getting a bit frustrating.
When I first configured the device and reloaded it, everything worked fine.....once. Upon the second reload it just keeps prompting me.
Thanks for any help.
BillHello Carter,
Hmm, it sounds like a config-register problem.
So when you are in rommon you got to set the confreg to be on 0x41 so you can ignore the startup-config.
Then when you enter to the ASA please do the following:
enable password cisco
username password cisco
config-register 0x01
wr
and then finally reload,
Regards,
Julio -
IPhone 4 restored using another device
iPhone 4 had to be restored to factory settings due to a glitch in ios7 patch. My iPhone wasn't backed up in the iCloud, so I restored to another iPod attached to my computer which had my contacts. How do I re-register my restored iPhone and rename the device on my computer, without losing/overwriting the copied iPod device username and details?
Welcome to the Apple Community.
Turn on Photostream in your system preferences > iCloud settings.
Assuming iPhoto is up to date, turn on photostream in iPhoto preferences.
Photos in photostream should start to sync with your Mac. -
Hello i have two ASA5505 .
On one i have erased disk0 and i can't access it over ASDM...
I have copied the 2bin files asa-k8.bin and asdm-k8.bin from the working ASA to the ereased still no ASDM...
My questions are :
Are the licenses gone?
What should i do to fix it?
I have a backup.zip from the working one. Can i import it in the ereased with CLI ?
ThanksHello,
Can you share to the community how you did it ?
So if someone having the same issue can fix it with this
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
Any question contact me at [email protected]
Cheers,
Julio Carvajal Segura -
Have multiple iPhone backups across 2 iPhones and 3 iPads. I need to pull backup files and pictures off of backed up devices that are not my current in-use device. How do I do that? They are all under one apple ID.
If you still have the devices, import them to your computer (see http://support.apple.com/kb/HT4083), then sync them to your current device. If they are only stored in backups, the only way to access them is to restore the device to the entire backup. Note: you can only restore photos in an iPhone backup to another iPhone, and from an iPad backup to another iPad. If the backups are on your computer, you may be able to extract the photos from the backup using 3rd party software such as iPhone Backup Extractor.
-
ASA 5505 VPN and Sprint Mobile Broadband clients.
I have a strange problem, it's something that just started recently when we had a user try to gain access with a Sprint Mobile Broadband card. We have quite a few remote users, probably not more than 6 ever connected to the VPN at once, and I have not heard of any issues until recently. We are starting to require more travel to remote locations, so the use of the hotel internet, as well as Sprint mobile broadband is becoming more important.
There are a few issues here. Everything is IPsec.
Mac OSX with VPN client version 4.9.01 will connect to the VPN when connected to a normal internet connection, but as soon as it gets on the Sprint Mobile Broadband device, it connects for exactly 5 seconds and disconnects.
Windows XP Pro, has no problems with normal internet, on the wireless broadband modem, it will connect to the VPN, but have no access to internal resources or access to the internet.
Windows Vista, has issues all the way around, but mainly when connected to the wireless it has the same issues as XP minus the internet browsing.
Strange thing is, all these problems seem to been different, but they all started around the same time. I have been testing everything I can think of. Talked to Sprint, which the lady there was actually very helpful...just have to get to the right person. But nothing we tried did any good.
Does anyone know of any settings on my ASA that I need to change in order to get these types of connections to work?
The best part of all this is that my Linux machine can connect/surf/and browse the internal network through the VPN just like it normally would work.
Something has to be wrong with my client config settings that is causing this to happen.Have you enabled NAT Traversal? (Both on the Client and ASA)
That would be the first thing to check.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1
Regards
Farrukh -
After insall'g SAP can a backup be restored from another server?
I have installed SAP onto Server B, and would like to use a backup (third part vendor 'commvault') created by commvault on server A, to restore to Server B.
The SIDs are the same, and the same CDs were used to install SAP, the ONLY differneces are the IP addresses and the Server names
Will this work?
MariaHi Maria,
If the server names are different then, you cannot restore a backup.
In this case you have do a system copy.
Please go through sap help site for more details on system copy.
Best Regards
Raghu -
ASA 5505 Backup Config to TFTP Server
Is there a way to backup the configuration file to a tftp server? I've tried "copy start tftp" and copy run tftp". No luck, I get an error message. Thanks in advance.
What kind of error message did you get?
ciscoasa# write net ? WORD IP address of tftp server and file name :. Place IPv6 address within square brackets. -
Cisco ASA 5505 - outside can't DHPC as router use same range
Hi
Im new to the ASA and is trying to setup at test net. The ASA is connected to my router on port zero using DHPC.
(Or i guess its not as the router use the same ip range as ASA does inside).
I tried to set a static IP in the same range (eg. 192.168.1.20) but then get the message "cannot overlap with the subnet of interface inside".
So I belive that is why it dont get a IP from my router - it does show up in the router DHPC table as 192.168.1.5 but ASDM home says outside "no IP address".
I tried to change the inside range of the ASA but if I change the inside IP i loose connection.
(Had to restore factory-default useing the console).
I guess I could setup another range using the console, but how?
How can I setup this test net?If I need to save I did not. (I have not used the console before).
Found the: "write memory" and reload command.
I cant connect to the asa using ADSM-IDM Launcher (from PC connected to the inside lan).
It seems that the asa DHPC server does not work.
And: show running-config
ciscoasa# show running-config
: Saved
ASA Version 8.2(5)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
no ip address
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:5085ad55b43198c7490b2edfee450906
: end
Maybe you are looking for
-
Unable to debug user exit in CRM BW (EXIT_SAPLRSAP)
Hi Gurus, Please help me to debug user exit in CRM BW. I am using below enhancement RSAP0001 (Customer function calls in the service API) "EXIT_SAPLRSAP_003" Datasource is ZSTAONESYS0_TEXT The extract structure I have modified is "CRM_BIW_ST_T" =====
-
How to remove credit card information from iPhone 6
I can't download Netflix with icloud it says a problem with my credit card payment but I'm not buying anything and I want it removed!!! HOW ?!?!
-
Hi, I need help regarding Partitioning of data. 1. What is Partitioning? 2. How it is going to help in handling the data? 3. What is Physical and Logical Partitioning? 4. If we do Partitioning, we will view the data in different Stages? If so how can
-
CRM Utility Contract -Structured document
We are going to use structured utility contract docuemt for multisite customers. Can anyone help how the assignements with multiple premises work and what should be best practice to create sub level items(isu contracts) in the strucutred utility cont
-
How do you contact Adobe PS Elements Support?
Does anyone know how to contact Elements support besides Forum?