In this article, we will discuss the backup and restore process for the Cisco ASA Firewall configuration. Cisco ASA lets you take the backup using SCP and TFTP.
If you are using ASDM, you can also export the configuration backup using ASDM.
Cisco ASA has two types of configuration: the startup configuration and the running configuration. As the names suggest, the startup configuration is the configuration that is loaded when the firewall starts, and the running configuration is the live configuration currently in effect. You can use the write mem command to copy the running configuration to the startup configuration.
Well, now let’s discuss the complete configuration backup process of the Cisco ASA Firewall.
Exporting Cisco ASA Configuration using SCP
First, we will use SCP to export the Cisco ASA configuration. For this, you need to enable SSH access on the Cisco ASA Firewall. Log in to the Cisco ASA CLI and run the commands below to enable SSH access.
```
ciscoasa> en
Password: ********
ciscoasa# conf t
ciscoasa(config)# username iptrainer password iptrainer privilege 15
ciscoasa(config)# ssh 0 0 inside
ciscoasa(config)# end
ciscoasa#
```
The above configuration enables SSH on the inside interface; the "0 0" in the ssh command permits any source address. Now run the command below from a Linux terminal or Windows CMD:
```
C:\Users\admin>scp admin@192.168.31.161:system://running-config .
admin@192.168.31.161's password:
running-config                          100%   12KB   3.2MB/s   00:00
Connection to 192.168.31.161 closed by remote host.

C:\Users\admin>
```
If you want to change the directory and name of the saved running-config, replace "." in the command above with the destination directory and file name.
Also, if you want to export the configuration manually from the ASA enable mode, use the steps below:
```
ciscoasa> en
Password: ********
ciscoasa# copy running-config scp:
Source filename [running-config]?
Address or name of remote host []? 192.168.31.174
Destination username []? root
Destination filename [running-config]?
Cryptochecksum: 7a97e2ff 76c7b558 7db0fbbe 4dda8bbf
Password: ********
!!!!!!!!!!!!
11930 bytes copied in 4.310 secs (2982 bytes/sec)
ciscoasa#
```
Exporting Cisco ASA Configuration using TFTP
Now we will export the running configuration using TFTP. TFTP has no authentication or encryption, so the configuration is sent in clear text. Log in to the Cisco ASA and run the commands below to export the running configuration.
```
ciscoasa> en
Password: ********
ciscoasa# copy running-config tftp:
Source filename [running-config]?
Address or name of remote host []? 192.168.31.225
Destination filename [running-config]?
Cryptochecksum: 0eca1f30 ce73109a 33ece8f1 5b0e3947
11930 bytes copied in 0.100 secs
ciscoasa#
```
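Both copy running-config sessions above print a Cryptochecksum, which can be compared against the file that actually landed on the backup host. The script below is an added example, not part of the original article: it assumes the exported file ends with the usual "Cryptochecksum:" and ": end" lines, and the function names and sample file content are constructed for illustration.

```python
import re

# Constructed sample: a shortened exported running-config. The checksum is
# the value printed in the TFTP session above; the other lines are made up.
SAMPLE_BACKUP = """\
: Saved
hostname ciscoasa
username iptrainer password <redacted> privilege 15
ssh 0.0.0.0 0.0.0.0 inside
Cryptochecksum:0eca1f30ce73109a33ece8f15b0e3947
: end
"""

# Assumption: the trailer line has this shape in the exported file.
TRAILER_RE = re.compile(r"^Cryptochecksum:\s*([0-9a-fA-F ]+)$")


def normalize(checksum):
    """Drop the spaces the ASA prints between 32-bit words and lowercase."""
    return re.sub(r"\s+", "", checksum).lower()


def check_backup(text, printed_checksum):
    """Return a list of problems; an empty list means the file looks complete."""
    problems = []
    if not re.fullmatch(r"[0-9a-f]{32}", normalize(printed_checksum)):
        problems.append("printed checksum is not 32 hex digits")
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    # A transfer cut short loses the end-of-config marker first.
    if not lines or lines[-1] != ": end":
        problems.append("file does not end with ': end' (truncated transfer?)")
    found = [m.group(1) for ln in lines if (m := TRAILER_RE.match(ln))]
    if not found:
        problems.append("no Cryptochecksum line in file")
    elif normalize(found[-1]) != normalize(printed_checksum):
        problems.append("Cryptochecksum in file differs from the one the ASA printed")
    return problems


if __name__ == "__main__":
    result = check_backup(SAMPLE_BACKUP, "0eca1f30 ce73109a 33ece8f1 5b0e3947")
    print(result or "backup looks complete")
```

A mismatch usually means the file on disk is an older export or was modified after the copy; a missing trailer points to an interrupted transfer.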
Exporting Cisco ASA Configuration using ASDM
Finally, we will export the running configuration of the Cisco ASA firewall using ASDM. The benefit of taking the backup from ASDM is that it also includes the certificates and the WebVPN configuration.
Log in to Cisco ASA ASDM and navigate to Tools > Backup Configurations.
Select the configuration that you want to back up. In this example, I'm exporting the full configuration backup.
Once the process completes, you will get the below message.
Now, you can navigate to the same file and use this to restore the configuration.
Conclusion
In this article, we have taken the backup of the Cisco ASA firewall using SCP, TFTP, and ASDM. We have discussed multiple ways to take the backup of Cisco ASA using SCP. This will surely help you save time during the backup process. Also, you can easily restore the saved backup in one click. If you are having issues while executing the mentioned commands, feel free to reach out to me in the comments.