Backup and Restore on the Cisco ASA 9.3

Backup and restore options are now available on the 9.3 ASA code.

In a recent blog post, I examined some of the new features available in the Cisco Adaptive Security Appliance (ASA) 9.3 code and promised to cover some of these here at the blog. With that said, let's examine the Backup and Restore functionality that is now built in to these devices. 

The first question we will tackle is what exactly is backed up through this process. The answer is just about everything you could want on your system! Here is the complete list:

  • The Running-configuration
  • The Startup-configuration
  • All security images, including the Cisco Secure Desktop and Host Scan images, Cisco Secure Desktop and Host Scan settings, AnyConnect (SVC) client images and profiles, and AnyConnect (SVC) customizations and transforms
  • Identity certificates (includes RSA key pairs tied to identity certificates; excludes standalone keys)
  • VPN pre-shared keys
  • SSL VPN configurations
  • Application Profile Custom Framework (APCF)
  • Bookmarks
  • Customizations
  • Dynamic Access Policy (DAP)
  • Plug-ins
  • Pre-fill scripts for connection profiles
  • Proxy Auto-config
  • Translation table
  • Web content
  • Version information

So you have just made some configuration changes and you are ready to back up your device. Here are some things to keep in mind:

  • In your backup location you should have at least 300 MB free
  • If you are in a failover configuration, you must back up the active and standby devices separately
  • The backup and restore should be performed from either the CLI or the ASDM, but you cannot mix the approaches; for example, you cannot take a CLI backup and restore it using the ASDM

Performing the backup is very simple thanks to a powerful new command:

backup [/noconfirm] [context name] [cert-passphrase value] [location path]

Here is an example:

CBTNUGGET-ASA1# backup location disk0:/sample-backup
Backup location [disk0:/sample-backup]?

As you might guess, performing a restore is made equally simple using the following syntax:

restore [/noconfirm] [context name] [cert-passphrase value] [location path]

Keep in mind you still have your copy commands should you want to just quickly back up a running-configuration to the startup-configuration or place this config on an external server. But clearly the robustness of the new backup and restore procedures is a welcome addition to your security environment.

Thanks for reading and I hope you will join me for a discussion of more great new security functions for your Cisco network. 


Copyright © 2015 IDG Communications, Inc.