Solved: LMS Questions

brianwagerer · ‎03-14-2007

Hello,

I have installed LMS 2.5 and upgraded to LMS 2.6 how do i configure my PIX 515e to show up in LMS?

I can not figure out how to set the snmp ro and rw strings.

Joe Clarke · ‎03-15-2007

You need to add an snmp-server host command for your CiscoWorks server. For example, if your CiscoWorks server's address is 10.1.1.1, and it is on the inside interface of the PIX:

snmp-server host inside 10.1.1.1

View solution in original post

Joe Clarke · ‎03-14-2007

You will first need to make sure you have all of the latest RME 4.0.5 device packages installed from Cisco.com. You can do this under Common Services > Software Center > Device Update. The PIX 515E support was added recently.

To add a device and credentials into LMS 2.5+, go to Common Services > Device and Credentials > Device Management, and click Add. First fill in all of the device identity information (i.e. hostname, IP, etc.), then click Next to fill in the credentials (including the community strings).

Note: you only need a read-only community string for PIXes.

acomiskey · ‎03-14-2007

there is no rw in pix.

brianwagerer · ‎03-14-2007

Ok I have the ro string set in the PIX

However when I run the inventory collection it fails on the PIX with Transport session to device failed. Cause: Authentication failed on device.

Joe Clarke · ‎03-14-2007

Inventory Collection or Config Collection? This error looks more like a configuration archive sync message. What version of the Pix RME device package do you have? Does SNMP Walk of the PIX work in the LMS Device Center using the same RO community string you specified in DCR?

brianwagerer · ‎03-15-2007

Failed to snmpwalk the device. Please check your community string and starting OID, and try again.

How do i konw what the starting OID is?

Joe Clarke · ‎03-15-2007

The problem is most likely not the starting OID (though you can try .1.3.6.1.2.1.1), but rather with the SNMP configuration on the PIX. What is your configuration? Is the LMS server allowed to query the PIX via SNMP?

brianwagerer · ‎03-15-2007

In the PIX i have these settings

snmp-server location MTR

snmp-server contact ******

snmp-server community ******

snmp-server enable traps snmp

Joe Clarke · ‎03-15-2007

You need to add an snmp-server host command for your CiscoWorks server. For example, if your CiscoWorks server's address is 10.1.1.1, and it is on the inside interface of the PIX:

snmp-server host inside 10.1.1.1

brianwagerer · ‎03-15-2007

Ok that worked, so i have to do the same for a VPN 3000 Concentrator?

Joe Clarke · ‎03-15-2007

You first need to enable SNMP on the concentrator, then add your strings, and save your configuration. See http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee11f.html#wp999648 for documentation.

brianwagerer · ‎03-15-2007

I have already configured these settings.

Joe Clarke · ‎03-15-2007

Then double-check the community string is valid DCR for the Concentrator, and make sure there are no firewalls between the LMS server and the Concentrator that could be blocking SNMP.

You should also check your Concentrator filters and rules to see if you're blocking SNMP. That is done under Configuration > Policy Management > Traffic Management.