There are times you will need to add configuration or make changes toa live PIX Firewall or ASA.
It is common for the original pre-shared keys used in site-to-site VPNs to be mislaid or forgotten. For example, perhaps the previous manager has left the company.
It is not possible to see a copy of the configuration with the keys viewable as they are hidden as ******.
The answer is to save a copy of the configuration to a TFTP server. This file can then be viewed using any simple text document. It can also be used to re-configure the device back to its original state if necessary.
-Tony Holmes, Cistek Solutions Ltd, Cheltenham, Glos, England, UK
Editor’s Note: The command is “write net <tftp_ip>:<filename>” (or you can just use “write net” if a tftp-server has been previously defined in the running configuration). You can learn more about this feature at:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml#write
Also, starting with version 7.0, administrators can optionally use the “copy” command to copy either the startup-config or running-config to either a TFTP or FTP server.
* “copy running-config tftp:<URL>”
* “copy running-config ftp:<URL>”
More information on the copy command can be found here:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c4_711.htm#wp2041583
Source : supportwiki