Welcome, Guest. Please login or register.

Author Topic: Large ASA firewall taking 20 mins to backup config at midnight  (Read 2214 times)

jonesamu

  • Guest
Large ASA firewall taking 20 mins to backup config at midnight
« on: November 04, 2013, 04:46:24 PM »

On our nightly run I have a Cisco ASA 5585 that is taking 20+ minutes to backup the config.

Any help is appreciated?

INFO:
ASA 5585  Config (CLI)
CONF:8144 lines read
DISC:ToDo/Done-Time                       88/1-1341s (22+ mins)

Another ASA 5585  Config (CLI)
CONF:5327 lines read
DISC:ToDo/Done-Time                       87/2-41s (< 1 min)

CronTab
/var/nedi/nedi.pl -vpB5 -SgafoWjitedbwAO > /tmp/nedi-00.bup 2>&1 &

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2786
    • View Profile
    • NeDi
Re: Large ASA firewall taking 20 mins to backup config at midnight
« Reply #1 on: November 04, 2013, 07:45:19 PM »
Do a manual backup nedi.pl -dba <asaip> and open 2 more terminals with tail -f input.log and tail -f output.log to see what exactly happens. The other ASA seems to run fine...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

jonesamu

  • Guest
Re: Large ASA firewall taking 20 mins to backup config at midnight
« Reply #2 on: November 05, 2013, 01:05:35 AM »
Ran manual backup for ASA... watched output.log and input.log, did not see any errors just slow appending to output.log like the information was coming across the network in chunks at a time.

Still not sure what the issue may be.

jonesamu

  • Guest
Re: Large ASA firewall taking 20 mins to backup config at midnight
« Reply #3 on: November 06, 2013, 06:33:44 PM »
These are the two lines that are seen before the long pause

CMD :no terminal pager,
CMD :show run

any ideas on what to look for?

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2786
    • View Profile
    • NeDi
Re: Large ASA firewall taking 20 mins to backup config at midnight
« Reply #4 on: November 09, 2013, 06:45:00 PM »
Can you sniff packets? Maybe the ASA is just slow? What if you do this manually?
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

jonesamu

  • Guest
Re: Large ASA firewall taking 20 mins to backup config at midnight
« Reply #5 on: November 11, 2013, 04:31:40 PM »

If I login to the asa from the server running nedi and manually run the commands " no terminal pager and a show run " it shows the config quickly.


rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2786
    • View Profile
    • NeDi
Re: Large ASA firewall taking 20 mins to backup config at midnight
« Reply #6 on: November 11, 2013, 06:37:04 PM »
Strange indeed! And I don't have any more ideas as to narrow down the problem. Are they same version? I assume 2 different clusters and you use active IP both times? BTW you can use mapna to distinguish them, since a cluster returns the same hostname:

mapna      192.168.3.1   fw1-Act
mapna      192.168.3.2   fw1-Stb
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo