FWSM config archive partially succesful

hendriksm · ‎11-08-2007

Hi,

I'm trying to save to configs of our multiple context fwsm, but I keep getting these errors:

TELNET: Failed to establish TELNET connection to 192.168.3.1 - Cause: connect timed out. Couldnot exit from Module No. 0

TELNET: Failed to establish TELNET connection to 192.168.3.1 - Cause: connect timed out. Couldnot enter ENABLE Mode from CONFIG Mode on 192.168.3.1.

I'm using LMS2.6.

Does anybody know how I can solve this issue?

Kind regards,

Michael

Joe Clarke · ‎11-08-2007

There is not enough information here to know what is going on. The best thing to do would be to get a sniffer trace of the telnet traffic between the LMS server and the FWSM when the sync archive job is running, then scan that trace for potential problems.

Additionally, enabling ArchiveMgmt Service debugging under RME > Admin > System Preferences > Loglevel Settings, then re-running the job will cause debug messages to be written to the dcmaservice.log. That may provide more of a clue as to what is happening.

hendriksm · ‎11-13-2007

Hi,

I've added the debug information.

Hope this makes some sense to you guys.

Kind regards,

Michael

Joe Clarke · ‎11-13-2007

Just so I'm looking at the right code, what version of the SharedDcmaSC package do you have installed?

hendriksm · ‎11-14-2007

Hi,

I'm using version 1.1.1

Kind regards,

Michael

Joe Clarke · ‎11-14-2007

There is a problem with the FWSM SC prompt. When RME first logs into the SC, the prompt is FWSM/NOB-cmf> . This changes to FWSM/NOB-cmf# when RME enables itself. Then, it changes to FWSM# . Based on the log, I'm not sure exactly what triggers that change. But the problem happens when RME finishes all of its work. It tries to exit from the device, but never gets back to the FWSM/NOB-cmf# prompt.

From the log, this appears to be the series that produces the FWSM# prompt:

FWSM/NOB-cmf> enable

Password: ...

FWSM/NOB-cmf# enable

FWSM# show pager

...

Can you confirm how the prompt turns from FWSM/NOB-cmf# to FWSM# ? I do not have an FWSM at hand with which to test, but if I can understand how we get to that FWSM# prompt, and how we can get back to FWSM/NOB-cmf# I may be able to patch this.

hendriksm · ‎11-14-2007

Hi,

FWSM# is the system context prompt, so for RME to get there it should issue the command: changto system or changto context system.

To get back to the FWSM/NOB-cmf# prompt RME should issue the command:

changto context NOB-cmf (case-sensitve)

As far as I can see RME is able to save the configs from all the firewall contexts, but seems to skip the admin context (NOB-cmf), because I can't find that config anywhere.

Hope this helps solve the issue

Kind regards,

Michael

Joe Clarke · ‎11-14-2007

Yes, I see the bug. We are entering the system context, but never properly reverting to the previous context on exit. What command will show you the current context?

hendriksm · ‎11-14-2007

Well the prompt shows you the name of the current context, like: FWSM/NOB-cmf# for example and FWSM# for the system context etc.

There is also the show context command, which will give an output like this:

FWSM/NOB-cmf# show context

Context Name Class Interfaces Mode URL

*NOB-cmf default NOB_DMZ,vlan63, Routed disk:/nob.cfg

Vlan111,Vlan260,

Vlan290,Vlan65,

Vlan80,Vlan81,

Vlan91,Vlan910,

Vlan92,Vlan93,Vlan96

But if you issue this command in the system context it will offcourse list all the contexts.

Kind regards,

Michael

Joe Clarke · ‎11-15-2007

Yeah, reading from the prompt will probably be easier. I'm waiting for some other developer feedback on my proposed patch, but hopefully, I'll have a solution to this soon. You will need to open a TAC service request to get any patch, though.

Joe Clarke · ‎11-15-2007

This is a known bug, CSCsj70409, which will be fixed in RME 4.1.1 (part of LMS 3.0.1) due out next month. I have put in a request to have this fixed in RME 4.0 as well.

hendriksm · ‎11-15-2007

OK, thanks for your help I will open a TAC case.

Kind regards,

Michael