You can execute some commands or get files on ASA, FWSM and ASA-SM directly with HTTP. First you need to enable http server : https://supportforums.cisco.com/docs/DOC-15016 Then a command is send in the URL following this syntax: 1https://IP_ASA/admin/exec/CMD1/CMD2/CMD3 A simple example to show the arps: 1https://IP_ASA/admin/exec/show+arp+ A more complex example to get statistics for a contex: [...]
The attribute map which bind our group of allowed administrators to a Service Type which allow logins: 123ldap attribute-map LDAP_MemberOf_ServiceType map-name memberOf IETF-Radius-Service-Type map-value memberOf CN=G_ADMIN_SECU,OU=Groupes,DC=TEST,DC=secu 6 The Active Directory Servers. I use SSL so be sure to import the root certificate from the Active Directory to make it works. 12345678910111213141516171819202122aaa-server TEST.SECU protocol ldap aaa-server [...]
Here the configuration I use for ASA failover 8.4+ based on my experience: On the primary: 123456789interface GigabitEthernet0/4 no shutdown failover failover lan unit primary failover lan interface FAILINK GigabitEthernet0/4 failover interface ip FAILINK 169.254.255.249 255.255.255.252 standby 169.254.255.250 failover key 222Th3Hak3Y222 failover link FAILINK GigabitEthernet0/4 prompt hostname state priority On the secondary: 12345678interface GigabitEthernet0/4 no [...]
The following error is found when tyring to scp to a SPLAT unconfigured for it: 1234567 [server] scp upgrade_export.tgz admin@xx.xx.xx.xx:/tmp The authenticity of host ‘xx.xx.xx.xx (xx.xx.xx.xx)’ can’t be established. RSA key fingerprint is 34:ff:52:0e:d6:57:53:12:d5:60:aa:7e:fa:e1:91:a8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘xx.xx.xx.xx’ (RSA) to the list of known hosts. admin@xx.xx.xx.xx’s [...]
Suite à cet article, je met légèrement à jour le script et le rend disponible sur GitHub: https://github.com/jmanteau/KeeMerge Toujours aussi simple, j’espère que ce script pourra vous rendre service.