Skip to main content

 

 

Cisco Defense Orchestrator

Restore an ASA Configuration

  1. Last updated
  2. Save as PDF

This procedure describes how to restore configuration changes made to an ASA using Cisco Defense Orchestrator (CDO). This is a convenient way to remove a configuration change that had unexpected or undesired results.

Before You Restore a Configuration

Review these notes before restoring a configuration:

  • CDO compares the configuration you choose to restore with the last known configuration deployed to the ASA, it does not compare the configuration you choose to restore with a configuration that is staged but not deployed to the ASA's memory. If you have any un-deployed changes on your ASA and you restore a previous configuration, the restore process will overwrite your un-deployed changes and you will lose them.
  • Restoring a past configuration overwrites all intermediate deployed configurations changes. For example, restoring the configuration from 07/11/2017 in the list below overwrites the configuration changes made on 7/13/2017.

restore_configuration.png

  • You can revert to a configuration stored within the last year.
  • If you originally applied a change request label to your configuration changes, that label appears in the Restore Configuration list.
  • Before you can restore a past configuration, the ASA can be in a Synced or Not Synced state but you must resolve any configuration conflicts before you restore a past configuration.

 

How to Restore a Configuration

  1. Open the Devices & Services page.
  2. Select the ASA whose configuration you want to restore.
  3. Select Configuration > Restore Configuration in the right pane.

restore_configuration_button.png

  1. In the Restore Configuration pane, select the configuration you want to revert to. For example, in the picture above, the configuration from 07/11/2017 is selected and highlighted.
  2. Compare the "Latest Running Configuration Verified by CDO" and the "Selected Configuration from <date>" to ensure you want to restore the configuration displayed in the Selected Configuration from <date> window.
  3. Click Restore, this stages the configuration in CDO. On the Devices & Services page, you see that the configuration status of the device is "Not Synced."
  4. Click Deploy Changes... in the right-hand pane to deploy the changes and sync the ASA.

Troubleshooting

How do I recover changes I lost but wanted to keep?

  1. Select the ASA on the Devices & Services page.
  2. Click Change Log in the right pane.
  3. Review the changes in the change log. You may be able to reconstruct your lost configurations from those records.