How to backup a Cisco Router(2600 series) and PIX(10000) 4

[skhoury]

Hello all,

Ok, I have a problem: This weekend, my company has hired a "security expert" to conduct an internet penetration test into our network. I would feel much more comfortable if I could somehow backup the configuration of our router and PIX firewall to my workstation in case something got blown away.

Does anyone know how to go about backing up the config and restoring it?

Many thanks!

Salim

 

[stevensavage]

You can use a tftp server to copy the config direct but the simplest way is to copy it from hyperterminal.
Telnet/console into it using hyperterminal
click on transfer >capture text
select a filename and click on start
type sh run and spacebar to the end of it
When its finished outputting, click on transfer >capture text >stop.

Open the file in notepad and remove the line breaks and thats it

Steve

 

[skhoury]

Steven, thanks!!

Thanks for the tip, it works for my routers, but the command doesnt seem to exist on the PIX. am I just doing something wrong? (im logged into privildged config mode). Also, once I've got the output saved to a file, how would I go about restoring it?

Thanks!

Salim

 

[AJ1982]

Its the write command on a PIX

===

Fatman Superstar (Andrew James)

CCNA, CCAI

 

[skhoury]

Fatman, based on the description of the command in the console, im assuming I can use write to read the config back in right?

Otherwise, would I just cut and paste it into the console?

Thanks!

 

[AJ1982]

Yes cut and paste always does the job for me, on all Router/Switch/Pix

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA, CCAI

 

[skhoury]

Awesome, thanks man.

 

[patrckb]

BTW,

In IOS, I find it useful to type the command:
term length 0
before I start my capture and do the show run. This turns off the pagination for this terminal session. Then there is no editing needed of the captured file.

With the PIX, YMMV.

Patrick

Patrick Bartkus, CCNP, CNX, SCM, RHCE Sr. Network Engineer
GA Dept of Labor IT Network Services
If truth were not absolute, how could there be justice?

 

[skhoury]

Thats a great point Patrick, thanks for the tip!

 

[tmt7734]

You can get a free tftp server from download.com and do a "copy start tftp". You can also backup your IOS image this way as well.

 

[phonedud]

what would be the file name for th IOS image and what would the commands be to get a back up IOS image from a working router?

 

[skhoury]

Yes, My thoughts exactly phonedud. Tmt, could you help?

 

[tmt7734]

You can do a 'dir' and get a list of the files in flash. 'copy flash tftp' would be the copy command

 

[patrckb]

If you are going the tftp server route, there is a very hand Perl script to automate it.

It's call scarfconf.pl and it is part of the MRTG (

http://www.mrtg.org)

distribution. It is under contrib/cisco_tftp. You specify the IP of the Cisco router, it's community string, the IP of your tftp server and a unique ID and it sends the SNMP commands to download the config into that file.

Like I said, it's handy.

Patrick

Patrick Bartkus, CCNP, CNX, SCM, RHCE Sr. Network Engineer
GA Dept of Labor IT Network Services
If truth were not absolute, how could there be justice?

 

[skhoury]

tmt, and Patrckb,

Thanks to both of you for fantastic tips and guidance. Its made my job of backing up and restoring these routers much easier!

Salim