Titania Security

Retrieving config files from Cisco ASA, PIX And FWSM Firewalls

Blog post   •   Feb 20, 2013 11:24 GMT

There are multiple different methods of extracting the configuration from from your Cisco Security Appliance, this guide outlines just three of those. For instructions with screenshots and more information about extracting configurations go to our cyber security auditing blog.

Using ASDM And PDM

The ASDM and PDM interfaces can be accessed using a web browser with Java capabilities.
Whether you have access to ASDM or PDM will depend on your security appliance (and its age), but the procedure is the same for both. The procedure for getting the configuration from the your device is as follows:

  1. Using your favorite web browser, connect to the
    HTTPS service provided by your Cisco device for remote management. You can do
    this by entering "https://" followed by your devices IP address.
  2. On ADSM-capable devices, click on the "Run ADSM
    as a Java Applet" button.
  3. Logon using your administration username and
    password.
  4. You should now see the ADSM or PDM application,
    both of which are shown in the screens below.
  5. You can show the "running-config" using the
    option on the File menu.
  6. Copy and paste the configuration into a file to
    use with Nipper Studio.

Using TFTPWe don't recommend using TFTP to transfer your configuration due to weaknesses in the protocol, the other methods described in this section are more secure. However, here is the procedure for using TFTP:

  1. Connect to the Cisco device using SSH, Telnet,
    ASDM, PDM or through a Console connection.
  2. Login to your Cisco PIX device.
  3. Transfer the configuration using the TFTP command
    "write net <ip-address>:<filename>"

Using SSH, Telnet Or The Console

For this procedure you will be using the Command Line Interface (CLI) of your Cisco device using an SSH client (such as OpenSSH or Putty), Telnet or through the console port. We would recommend using either SSH (for remote connections) or using a direct connection to the console port.
Telnet provides no encryption of the communications and therefore your authentication credentials and configuration would be vulnerable if a malicious user were to monitor your connection.

  1. Connect to the Cisco using your favorite SSH
    client, Telnet or a direct console connection.
  2. Logon using your administration authentication
    credentials.
  3. Enter "enable" and type in your enable password.
  4. Execute the following CLI command and capture the
    output (possibly using the cut and paste facility):show run
  5. Save the captured output to a file and remove any
    visible page lines (i.e. --More--).

 Nipper Studio supports over 100 network devices including Cisco ASA, PIX And FWSM Firewalls. For a full list of supported devices go to out website.