Integrating Ciscoworks 3 with ASA device

Unanswered Question
Oct 22nd, 2008
User Badges:

Can someone point me in the right direction. I want to get the LMS server to achive and store all the ASA configurations we have (5 and counting). However I cannot seem to get this working. One of the devices has been added to LMS but I cannot seem to get it to retrieve the configuration.


Both devices are setup to use the same ACS server and the account specified in LMS will let me log into the ASA without issues. SSH access is also enabled on the ASA.


Thanks in advance


Giles Cooper

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Wed, 10/22/2008 - 08:53
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What version of RME do you have? What errors do you get when you try to sync the config from the ASA devices?

bgl-group Wed, 10/22/2008 - 23:53
User Badges:

RME version is 4.2.0


The error message from the config collection report is


CM0056 Config fetch failed for bre-vpn-fw01 Cause: CM0204 Could not create DeviceContext for 234 Cause: CM0202 Could not access 192.168.254.250 via SNMP. Action: Check the Read Community string Action: Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device package is installed.


However the SNMP strings are set correctly at each end, and the packages should be installed (I upgrade all missing packages to try and solve the problem).


Giles

Joe Clarke Thu, 10/23/2008 - 07:40
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What is the sysObjectID of this ASA?

bgl-group Thu, 10/23/2008 - 08:02
User Badges:

The OID for the ASA is 1.3.6.1.4.1.9.1.669


I just double checked and this is the same ID that LMS is using for the device.

Joe Clarke Thu, 10/23/2008 - 08:09
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This device is supported, so there must be a problem with your package installation. I'm guessing this is a Windows server. Please post the list of contents under NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/lib/pkgs and NMSROOT/www/classpath/com/cisco/nm/xms/psu/pkgs/rme.

Joe Clarke Thu, 10/23/2008 - 08:25
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This looks good. How does the ASA show up in the device selector?

bgl-group Thu, 10/23/2008 - 23:57
User Badges:

Screenshot from device selector in LMS attached.


I am starting to wonder if the problem lies with the ASA configuration - does anyone have a guide for what needs to be set to allow LMS to run with an ASA.



joels Fri, 10/24/2008 - 00:21
User Badges:

I seem to be having the same issues with a pair of ASA's. 5510's like yours.


When you go to RME/Config Mgmt/Archive Mgmt, are you able to select the device? Mine seems to be locked or greyed out....


I can do an SNMP walk on the devices, and access rights are working ok for Telnet, but the LMS won't do a config fetch for archive.

Joe Clarke Fri, 10/24/2008 - 11:21
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You will need to enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, reproduce the problem, then post the dcmaservice.log.


The previous error you posted points to a device support problem, and not an issue with the ASA.

Joe Clarke Tue, 10/28/2008 - 08:07
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What is the sysObjectID of this ASA? Please post the list of contents under NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/lib/pkgs and NMSROOT/www/classpath/com/cisco/nm/xms/psu/pkgs/rme.

bgl-group Tue, 10/28/2008 - 08:14
User Badges:

I already posted the information you asked for several posts back and haven't changed anything else on the server since.


OID 5th message in thread


Directory contents 7th message in thread

Joe Clarke Tue, 10/28/2008 - 08:21
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Sorry, for whatever reason, the latest post was the RME version and error. I simply re-replied to that.


There are no errors in this log. What transport protocols do you have enabled for config fetch under RME > Admin > Config Mgmt > Transport Settings?

bgl-group Tue, 10/28/2008 - 08:27
User Badges:

transport protocols for config fetch are in order.


SSH

TFTP

TELNET

RCP


SCP and HTTPS are both available but not configured for devices. Do I need these to be enabled for the ASA

Joe Clarke Tue, 10/28/2008 - 08:38
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, TELNET and SSH are sufficient. At this point, I recommend you open a TAC service request so that this problem can be analyzed in real time.

Actions

This Discussion