The other day I had to copy the config of an ASA and a PIX to other devices. They both had VPNs to different sites and I had to have those keys as no one documented them.
A few different ways to get those keys are:
Option 1: Log in using ASDM and make a full backup including preshared keys
Option 2: Run the CLI command:
Option 3: Copy running config to a TFTP/FTP server
The above options exist for the PIX as well. I have read that the more command will work, but it did not for me. Then I found this option to get the keys on the PIX:
Enable the HTTP server, create a username, and go to https://pix-ip/config; the key is then shown in clear text.
Commands to do that:
http server enable
http 0.0.0.0 0.0.0.0 inside
username admin password password
Then go to the web interface.
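An added example, not from the original post: a small Python check that scans a saved PIX/ASA running-config for what the commands above leave behind (HTTP server enabled, a wide http source range, local users), so those settings can be reviewed once the keys are recovered. The sample config, the function name audit_http_access and the 256-address threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: fragment of a saved PIX/ASA running-config (not real data).
SAMPLE_CONFIG = """\
hostname pix-lab
username admin password 0123456789abcdef encrypted
http server enable
http 0.0.0.0 0.0.0.0 inside
http 192.168.10.0 255.255.255.0 inside
telnet timeout 5
"""

HTTP_ACL = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
USERNAME = re.compile(r"^username (\S+) password \S+")


def audit_http_access(config_text, max_hosts=256):
    """Return (line_no, severity, message) findings for HTTP management access.

    max_hosts is an assumed threshold: any permitted source range larger
    than this is reported as 'high'.
    """
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if re.match(r"^http server enable\b", line):
            findings.append((line_no, "info", "HTTP(S) management server is enabled"))
            continue
        m = HTTP_ACL.match(line)
        if m:
            addr, mask, iface = m.groups()
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                findings.append((line_no, "warn", f"unparseable http entry: {line}"))
                continue
            if net.num_addresses > max_hosts:
                findings.append((line_no, "high",
                                 f"{net} on '{iface}' may reach the management "
                                 f"server ({net.num_addresses} addresses)"))
            continue
        m = USERNAME.match(line)
        if m:
            findings.append((line_no, "info", f"local user '{m.group(1)}' defined"))
    return findings


if __name__ == "__main__":
    for finding in audit_http_access(SAMPLE_CONFIG):
        print(finding)
```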
Today I had an issue while configuring two 60Cs in an HA configuration. This usually takes about 2 minutes and is extremely easy, unless your hardware doesn’t match. HA requires that hardware matches on the two different units. When these were purchased the hardware did match, but at some time in the past, one was RMAed and we received one with a hard drive. This broke the HA capability.
The error I kept seeing was about the hardware not being the same. The error was: “slave and master have different hdisk status. Cannot work with HA master. Shutdown the box! The system is halted.”
This command can get you past that:
exec ha ignore-hardware-revision enable
This will allow the HA cluster to ignore the hardware revision of the FortiGates and come up.
There are a lot more things that will cause problems, for example if your drives have been formatted with a previous version of FortiOS. You might need to run: