
Pix Firewall Management in CW LMS RME

NPT_2
Level 2

Is it possible to manage/archive Pix Firewall configurations in CiscoWorks LMS? I have added our Pix Firewall in LMS; however, the config fetch fails in RME with the following error:

CM0056 Config fetch failed for Pix515 Cause: CM0204 Could not create DeviceContext for 63 Cause: CM0202 Could not access 172.16.x.x via SNMP. Action: Check the Read Community string Action: Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device package is installed.

Is it even possible to archive pix configurations in LMS RME? Any thoughts?


Joe Clarke
Cisco Employee

Yes, it is possible. RME supports TELNET and SSH transports for archiving configurations from PIX, ASA, and FWSM devices. This problem could point to a package issue, missing TELNET or SSH from your config fetch protocol list, or bad credentials in DCR for this PIX.

Thanks for the ideas. I just checked my credentials and they are set fine. But if I run a check credentials job all results are Device Not Reachable. Also I am seeing Device Type Unknown in Device Center. I'm going to check my package and see if I need to update those for pix support.

Do you have any other thoughts? I just checked my packages and I show:

416. 1.3.6.1.4.1.9.1.677 Cisco PIX 515E Firewall Security Context Rtr3200 5.0

being available.

Also I checked my config transport settings and I have TELNET, TFTP, SSH, RCP, and HTTPS for config fetch and TELNET, TFTP, SSH, and HTTPS for config deploy.

You're probably on Windows, and your package repository is probably damaged. The directories NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/lib/pkgs and NMSROOT/www/classpath/com/cisco/nm/xms/psu/pkgs/rme must be identical in terms of .zip files.

I'm just now updating all my packages to the latest version to see if this helps. If not, what is the easiest way to fix the damaged package repository?

If the package directories are not the same, you will need to manually sync the two, then restart CiscoWorks Daemon Manager.
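
The comparison described in the two replies above, as an added example that is not part of the original thread and not Cisco tooling: a Python script that reports which .zip packages exist in only one of the two directories. Checking SHA-256 digests in addition to file names, and matching names case-insensitively, are assumptions that go beyond what the reply states.

```python
import hashlib
import sys
from pathlib import Path

# Relative paths quoted in the thread; NMSROOT is the CiscoWorks install directory.
WEBAPP_PKGS = "MDC/tomcat/webapps/rme/WEB-INF/lib/pkgs"
PSU_PKGS = "www/classpath/com/cisco/nm/xms/psu/pkgs/rme"


def zip_digests(directory):
    """Map lower-cased .zip file name -> SHA-256 hex digest of its contents."""
    digests = {}
    for path in Path(directory).iterdir():
        if path.is_file() and path.suffix.lower() == ".zip":
            # Assumption: names are matched case-insensitively (Windows file system).
            digests[path.name.lower()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_pkg_dirs(dir_a, dir_b):
    """Return the .zip differences between two package directories."""
    a, b = zip_digests(dir_a), zip_digests(dir_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        # Same name in both places but different bytes (assumed to count as out of sync).
        "content_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def in_sync(report):
    """True when no category of the report lists any file."""
    return not any(report.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python compare_pkgs.py <NMSROOT>")
    nmsroot = Path(sys.argv[1])
    report = compare_pkg_dirs(nmsroot / WEBAPP_PKGS, nmsroot / PSU_PKGS)
    for label, names in report.items():
        for name in names:
            print(f"{label}: {name}")
    print("in sync" if in_sync(report) else "NOT in sync")
    sys.exit(0 if in_sync(report) else 1)
```

Here `only_in_a` refers to the tomcat webapps directory and `only_in_b` to the psu directory; the script only reports differences and changes nothing on disk.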

Thanks for the assistance, you pointed me in the right direction. The problem turned out to be an incorrect SNMP string. The strange thing is until I got that string right my telnet credential verification failed too, now they are working fine and my configuration is now synchronized and it shows PIX515E for my device type.

Thanks Again,

Jim

Without a valid SNMP community string, LMS couldn't read the sysObjectID to know what type of device it was.
