LMS 2.6 + SSG

Answered Question

I'm having a problem with LMS 2.6 and pushing configs out to our firewalls. We don't allow telnet into the firewalls, only SSH. LMS pulls the configs without a problem, but when I try to modify a config and push it out to a firewall it only seems to attempt to telnet and fails, so the config never gets pushed out. I made sure that SSH is the first in the list under RME transport settings for config deploy. Am I missing something else?

Joe Clarke Wed, 07/16/2008 - 09:28

What RME application are you using to push the change (i.e. Archive Mgmt, Config Editor, Netconfig)?

Joe Clarke Wed, 07/16/2008 - 09:44

Then you need to select Config Editor from the pull-down in the RME > Admin > Config Mgmt > Transport Settings window, and make sure the deploy protocol order is correct there as well.

Correct Answer
Joe Clarke Wed, 07/16/2008 - 10:00

Ah, okay, this just means that telnet was attempted because SSH failed. The error points to a problem with one of the commands being deployed to the device. Exactly what are you deploying, and in what mode (merge or overwrite)?

Maybe I spoke too soon... I did remove the access-list line entirely... I still get the same error. Here it is:

e Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: no access-list in_out extended permit ip host *.*.*.* any . TELNET: Failed to establish TELNET connection to *.*.*.* - Cause: connect timed out.

Joe Clarke Wed, 07/16/2008 - 13:05

What happens when you run the command manually:

no access-list in_out extended permit ip host *.*.*.* any

What does the device say?

That's weird: the access-list line gets removed even though I get the error (using RME). I tried removing 3 access-list lines instead of just one; I still get the same error, but one line does get removed. The line that gets removed is the same line that shows up in the error, and the other 2 lines do not get removed.

It works without a problem if I do it manually.

Joe Clarke Wed, 07/16/2008 - 13:21

The device does not prompt you for anything when entering the problematic line?

Joe Clarke Wed, 07/16/2008 - 14:33

It would help to see the Config Editor job log with Config Job debugging enabled. If this data is too sensitive to post on an open forum, then I suggest you open a TAC service request.

Joe Clarke Wed, 07/16/2008 - 19:26

/var/adm/CSCOpx/files/rme/jobs/ConfigEditor on Solaris and NMSROOT\files\rme\jobs\ConfigEditor on Windows.
