We're setting up an ipsec tunnel and as I look at the config to apply, I'm not really comfortable with how to rollback our changes.
I'm familiar with saving the config in this manner:
copy running-config startup-config
I'm familiar with loading config in the opposite way:
copy startup-config running-config
However I understand that last command will do more a merge of the previous config than overwriting, and isn't a guarantee of restored values.
The only sure-fire method I know of would be to run a reload, which would wipe the running-config and load entirely from startup-config on the reboot, but that would then make interruption of network traffic certain, perhaps taking some minutes.
Is there another way to recover the config more dependably?
I found a command called configure replace, which looks promising, but it doesn't look as if I have it on my ASA:
ciscoasa(config)# configure ?
configure mode commands/options:
WORD Configure from HTTP:
http(s)://[<user>:<password>@]<location>[:<port>]/<pathname>.
Place IPv6 address within square brackets if a port is
specified.
factory-default Configure from factory-default
memory Configure from memory
net Configure from tftp
exec mode commands/options:
terminal Configure using terminal/console
Best Answer
Indeed
copy startup-config running-configwill do a merge, not an overwrite. So you can do the following:Obviously this will still cause a brief outage as there is a (very short) timeframe during which the ASA operates with the default config, but it should definitely be shorter than rebooting.
Just make sure to do this on the console, if you do it over SSH you could cut yourself off.