12-18-2008 10:04 AM
Is it possible to manage/archive Pix Firewall configurations in CiscoWorks LMS? I have added our Pix Firewall in LMS however the config fetch fails in RME with the following error:
CM0056 Config fetch failed for Pix515 Cause: CM0204 Could not create DeviceContext for 63 Cause: CM0202 Could not access 172.16.x.x via SNMP. Action: Check the Read Community string Action: Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device package is installed.
Is it even possible to archive pix configurations in LMS RME? Any thoughts?
12-18-2008 10:10 AM
Yes, it is possible. RME supports TELNET and SSH transports for archiving configurations from PIX, ASA, and FWSM devices. This problem could point to a package issue, missing TELNET or SSH from your config fetch protocol list, or bad credentials in DCR for this PIX.
12-18-2008 10:20 AM
Thanks for the ideas. I just checked my credentials and they are set fine. But if I run a check credentials job all results are Device Not Reachable. Also I am seeing Device Type Unknown in Device Center. I'm going to check my package and see if I need to update those for pix support.
12-18-2008 10:25 AM
Do you have any other thoughts? I just checked my packages and I show:
416. 1.3.6.1.4.1.9.1.677 Cisco PIX 515E Firewall Security Context Rtr3200 5.0
being available.
Also I checked my config transport settings and I have TELNET, TFTP, SSH, RCP, and HTTPS for config fetch and TELNET, TFTP, SSH, and HTTPS for config deploy.
12-18-2008 10:33 AM
You're probably on Windows, and your package repository is probably damaged. The directories NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/lib/pkgs and NMSROOT/www/classpath/com/cisco/nm/xms/psu/pkgs/rme must be identical in terms of .zip files.
12-18-2008 10:39 AM
I'm just now updating all my packages to the latest version to see if this helps. If not, what is the easiest way to fix the damaged package repository?
12-18-2008 10:45 AM
If the package directories are not the same, you will need to manually sync the two, then restart CiscoWorks Daemon Manager.
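The directory comparison described in the two replies above, as an added example that is not part of the original thread: a Python script that reports .zip files present in only one of the two package directories or differing in content. Comparing by SHA-256 as well as by file name is an assumption about what "identical" should mean here; the function names and the sample file names are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path


def zip_digests(directory):
    """Map each .zip file name in `directory` to the SHA-256 of its contents."""
    return {
        p.name: hashlib.sha256(p.read_bytes()).hexdigest()
        for p in Path(directory).iterdir()
        if p.is_file() and p.suffix.lower() == ".zip"
    }


def compare_pkg_dirs(dir_a, dir_b):
    """Report .zip files missing from either side or differing in content."""
    a, b = zip_digests(dir_a), zip_digests(dir_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "content_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def in_sync(report):
    """True when both directories hold the same .zip files, byte for byte."""
    return not any(report.values())


def demo():
    """Compare two constructed directories (sample names, not real packages)."""
    with tempfile.TemporaryDirectory() as root:
        left, right = Path(root, "left"), Path(root, "right")
        left.mkdir()
        right.mkdir()
        for name in ("SamplePkgOne.zip", "SamplePkgTwo.zip", "SamplePkgThree.zip"):
            (left / name).write_bytes(b"constructed " + name.encode())
        (right / "SamplePkgOne.zip").write_bytes(b"constructed SamplePkgOne.zip")
        (right / "SamplePkgTwo.zip").write_bytes(b"truncated")  # same name, other bytes
        (right / "notes.txt").write_bytes(b"ignored: not a .zip")
        return compare_pkg_dirs(left, right)


if __name__ == "__main__":
    # With two directory arguments, compare those; otherwise run the demo.
    report = compare_pkg_dirs(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for kind, names in report.items():
        print(f"{kind}: {', '.join(names) or '-'}")
    sys.exit(0 if in_sync(report) else 1)
```

Run it with the two package directories as arguments; a non-zero exit status means the directories differ and the listed files need to be synced before restarting Daemon Manager.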
12-18-2008 11:20 AM
Thanks for the assistance, you pointed me in the right direction. The problem turned out to be an incorrect snmp string. The strange thing is until I got that string right my telnet credential verification failed too, now they are working fine and my configuration is now synchronized and it shows PIX515E for my device type.
Thanks Again,
Jim
12-18-2008 11:22 AM
Without a valid SNMP community string, LMS couldn't read the sysObjectID to know what type of device it was.