1-27
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Managing Software and Configurations
  Configuring Auto Update
• Simplifying security solutions for Service Provider environments.
The Auto Update specification provides the infrastructure necessary for remote management 
applications to download ASA configurations, software images, and to perform basic monitoring from 
a centralized location or multiple locations.
The Auto Update specification allows the Auto Update server to either push configuration information 
and send requests for information to the ASA, or to pull configuration information by having the ASA 
periodically poll the Auto Update server. The Auto Update server can also send a command to the ASA 
to send an immediate polling request at any time. Communication between the Auto Update server and 
the ASA requires a communications path and local CLI configuration on each ASA.
Guidelines and Limitations
• If HTTPS is chosen as the protocol to communicate with the Auto Update server, the ASA uses SSL, 
which requires the ASA to have a DES or 3DES license.
• Auto Update is supported in single context mode only.
Configuring Communication with an Auto Update Server
Detailed Steps
–
To configure the ASA as an Auto Update client, perform the following steps:
Step 1 To specify the URL of the Auto Update Server, enter the following command:
hostname(config)# auto-update server url [source interface] [verify-certificate]
where url has the following syntax:
http[s]://[user:password@]server_ip[:port]/pathname
SSL is used when https is specified. The user and password arguments of the URL are used for basic 
authentication when logging in to the server. If you use the write terminal, show configuration or show 
tech-support commands to view the configuration, the user and password are replaced with ‘********’.
The default port is 80 for HTTP and 443 for HTTPS.
The source interface keyword and argument specify which interface to use when sending requests to the 
Auto Update Server. If you specify the same interface specified by the management-access command, 
the Auto Update requests travel over the same IPsec VPN tunnel used for management access.
The verify-certificate keyword verifies the certificate returned by the Auto Update Server.
Step 2 (Optional) To identify the device ID to send when communicating with the Auto Update Server, enter 
the following command:
hostname(config)# auto-update device-id {hardware-serial | hostname | ipaddress [if-name] 
| mac-address [if-name] | string text}
The identifier used is determined by specifying one of the following parameters:
• The hardware-serial argument specifies the ASA serial number.
• The hostname argument specifies the ASA hostname.