Add Images to software repository using SSH over NAT

Unanswered Question
Feb 15th, 2008
User Badges:

I have problems adding images to software repository using SSH when the CiscoWorks servers adr. is using NAT to some networks. It works fine to the networks that is not using NAT. I have entered the adr. the CiscoWorks server is NAT to, but every time it fails getting the image. The NAT i done in a Cisco PIX. I i make a capure in the firewall, then i can see it only tryes to connect using TELNET, and NEVER tryes to connect using SSH. I have no problems getting images using TELNET to other devices using the same NATTET adr. Further more i can get configs using SSH from the same devices that fails software download using SSH

Any god ideas to what could be wrong ?

By the way, CiscoWorks version is 2.6

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Fri, 02/15/2008 - 11:00
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Check the settings under RME > Admin > Software Management > View/Edit Preferences. Make sure "Use SSH for software image upgrade and software image import through CLI." is checked.

jesper_fr Fri, 02/15/2008 - 14:10
User Badges:

the "check" was missing, but it still fails. I get this message in the log file:

dir /all flash:

Directory of flash:/

2 -rwx 8295106 Mar 28 1993 07:04:22 +02:00 c3560-ipbasek9-mz.122-40.SE.bin

3 -rwx 996 Feb 13 2008 10:22:11 +01:00 vlan.dat

5 -rwx 7345 Feb 14 2008 08:25:15 +01:00 config.text

6 -rwx 3580 Feb 14 2008 08:25:15 +01:00 private-config.text

7 -rwx 1048 Feb 14 2008 08:25:15 +01:00 multiple-fs

32514048 bytes total (24203776 bytes free)

T2P2-04#copy flash:c3560-ipbasek9-mz.122-40.SE.bin tftp://

copy flash:c3560-ipbasek9-mz.122-40.SE.bin tftp://

% Invalid input detected at '^' marker.


The marker i surposed to be at the : after tftp

Joe Clarke Fri, 02/15/2008 - 16:49
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Is there really a space after "tftp://"? If so, double-check your RME NAT ID, and make sure there is no space there. You should also try performing the copy operation manually to rule out any potential authorization problems on the device.

jesper_fr Fri, 02/15/2008 - 23:15
User Badges:

There was a space in front of the NATTET IP adr.

Now it works.

Thanks a lot :o)

jesper_fr Mon, 02/18/2008 - 00:21
User Badges:

Now it works using SSH, but not with TELNET. We do not run SSH to all devices. On some we use TELNET and some use SSH.

If "Use SSH for software image upgrade and software image import through CLI" is checked, then it allways use SSH for downloading images. If it's not checked, then i will not work using SSH over NAT, but will work with TELNET.

What do i do in a case like this ?

Joe Clarke Mon, 02/18/2008 - 06:53
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This problem was fixed in RME 4.1 (part of LMS 3.0). If you can't upgrade, you will have to continue to toggle the checkbox when you need to operate on devices with different access policies.


This Discussion