Seeing is Believing- How can I see the entire config on an ASA?

VN:F [1.9.6_1107]
Rating: 5.0/5 (2 votes cast)
By Brandon Carroll on August 23rd, 2010

I remember a time when I taught a class called CIT (Cisco Internetwork Troubleshooting) and there was a wonderful rule that made all the students sweat a little more and all the instructors give that old Dr.Claw laugh (From Inspector Gadget if you have no idea what I’m talking about).  Essentially it allowed the Instructor to do things that were really mean and evil and forced the students NOT to take the easy way out.  What was that rule?  When troubleshooting you may NOT use the command Show Running-Config or any variant of it.

Some of you are thinking….wow- I would be lost.  To be honest I would be as well depending on the technology and the situation I’m in.  So I won’t burden you with that rule.  However, I would like to share a command that does’t just give you the running configuration on the ASA, rather it gives you the “real” running configuration.  What am I talking about?  Well, simply put- show run all…

That’s right!  While many of you know this deep dark secret (it’s not really a secret)  other don’t.  So there ya go!  A little tipt to put in your tip jar.

So the next time the boss says, “Man I cant remember the syntax of the default group policy on our ASA,” you can quickly respond with…

(type..type..type…)

ciscoasa# sh run all group-policy
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
ipv6-vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
<--- More --->

“It’s DfltGrpPolicy boss.  Anything else you need before I head to lunch?”

-Regards

Brandon Carroll – CCIE #23837

Seeing is Believing- How can I see the entire config on an ASA?, 5.0 out of 5 based on 2 ratings
Share and Enjoy:
  • RSS
  • Twitter
  • Facebook
  • Google Bookmarks
  • Digg
  • Print
  • Technorati
  • Slashdot
  • LinkedIn
  • del.icio.us
  • Reddit
  • Sphinn
  • Mixx
  • Blogplay
  • Netvibes
  • NewsVine
  • Live
  • Ping.fm
  • MySpace
  • Yahoo! Bookmarks
  • Yahoo! Buzz

Tags: ,

This entry was posted on Monday, August 23rd, 2010 at 8:04 am and is filed under Ask the Expert, CCIE, Security, Strategy, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Seeing is Believing- How can I see the entire config on an ASA?”

  1. Paul Stewart says:
    August 23, 2010 at 8:55 pm

    I also find the “more system:running-config” quite useful. It displays the keys :)

    VA:F [1.9.6_1107]
    Rating: 5.0/5 (1 vote cast)
    Reply

Leave a Reply