06-16-2008 03:42 AM
I'm not sure whether I can post this question in this forum, but still if someone can help me, it will be great.
Actually I have recently installed the CSM (Cisco security manager) 3.1, I have installed the cisco security manager client also.. and now I'm trying add my Firewall and IPS devices into it..
I have the following devices which I wanted to add to the CSM..
ASA
FWSM
AIP-SSM
IDSM-2
When I try add these devices, the AIP-SSM and IDSM-2 devices get added without any issues... but the ASA and FWSM devices doesn't get added and gives the following error..
For ASA the error is as below..
Please verify the device "IP address","Host Name", "Port Number" and "Domain Name" are correct, there is network connectivity between the CS Manager server and the device, and the device is configured to accept https connections, the device is running, and then retry this operation.
I have verified the connectivity by manually connecting to the ASA using the same credentials what I have provided and it is working fine, so there is really no connectivity issue but still I don't know why this error is being displayed....
For FWSM the error is as below....
If this error occurred during deployment, please refer to the deployment transcript for details. If this error occurred during discovery, please check the "vmsbesvcs.log" and "vmssharedsvcs.log" log files in the "NMSROOT\MDC\log\operation" directory on the CS Manager server for details If you are unable to resolve the problem using this information, please contact Cisco Technical Assistance Center.
I checked the log files and I could not understand anything from it, I have attached the same here also...
Can someone help me to solve this issue...
06-20-2008 12:30 PM
Follow the URL for the Cisco security manager 3.1 which will help you :
09-16-2008 02:53 AM
hi ...
we also used the csm in version 3.1.1 SP1 and made an update to version 3.2.1 SP1. After the update we cant do an hitcount discover anymore. i also looked at the same logfile "vmssharedsvcs.log" and found a lot of different error messages.
The hitcount always starts and ended up at 44%. The CSM Server go to 100% cpu load and doesnt do anymore. The only solution is to reboot the whole server. It doesnt matter which kind of firewall (5520 / 5510 / 5505) i want to discover.
The vmssharedsvcs.log i have attached is from the csm 3.2.1 SP1 server.
The next thing i have done is we rstored the "old" 3.1.1 SP1 CSM Server, because i want to make the update process again. i thought it was the update but as is looked at the old vmssharedsvcs.log on the old 3.1.1 SP1 server we had errors also. But the hitcount discover is successful - only the error messages are written to the log.
Please give me some advice for fixing this. What i also want to know - can we work with the CSM 3.2.1 SP1 is it better to fix the broblem with 3.1.1 SP1 and updating afterwards.
regards
PICC/TW
09-16-2008 08:15 PM
From 3.1.1 SP1 log I can see "PolicyNotFound" Exception. So just giving suggestion - Restart the services, move the workflow mode;check if there are any activities which are not in discard or approved mode. If so then discard all the activities. Try discovery with a fresh activity. Guess it will work.
Thanks,
Radhika
09-16-2008 08:10 PM
Below message from the log (CSM 3.1 logs) says that the device 10.0.100.17 is unreachable - https://10.0.100.17/config.
The device [10.0.100.17] is unreachable. Check IP address/hostname and https connectivity.
Can you please check if the device is reachable from the machine on which the server is installed and if it is reachable and you can https into the device from the server machine.
Thanks,
Radhika
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: