04-16-2009 05:58 AM
I have an ASA5510 that I am having trouble syncing the archive. When I look at the difference between the configs, there seems to be no difference. What would cause the archive to not sync?
(Startup)
SNMP
snmp-server community ********
(Running)
SNMP
snmp-server community ********
04-16-2009 09:07 AM
Do you mean that Sync Archive jobs are failing for this device, or RME is constantly showing the startup and running configurations as being out of sync? If the latter, and if RME thinks the community strings are out of sync, check the values to make sure they are the same. If the former, what errors do you get trying to sync the archive?
04-16-2009 10:10 AM
Hi Joe,
On the RME home screen under "Config Archive" the same device is always out of sync. When I look at the difference between the configs using the diff only function is shows up exactly as I indicated in the previous post...all asterisks. When I log into the device, viewing the startup config I can see the actual community name next to "snmp-server community", while viewing the running config, there are asterisks for "snmp-server community"
Startup:
snmp-server community l*****R (I put the asterisks are to hide actual string)
Running:
snmp-server community ******* (asterisks actually showing up in the config)
When I view the diff between the config in RME, see the attachment as to what I am seeing.
Thanks for the help.
04-16-2009 10:22 AM
Ah. What version of code is running on this ASA?
04-16-2009 11:59 AM
Cisco Adaptive Security Appliance Software Version 8.0(4)16
04-16-2009 12:06 PM
You're seeing the product of CSCsu90370. This bug requested that SNMP community strings in show run be masked on the ASA/PIX. The bug was fixed in 8.0(4.8).
Since the ASA is no longer providing the clear text SNMP community in the running config, RME has no way to know if its value is in sync with the startup config, and thus the out of sync entry is expected.
Given this, you might consider adding an exclude for this command under RME > Admin > Config Mgmt > Exclude Commands.
04-16-2009 12:10 PM
Thanks Joe. I have excluded snmp-server and the sync is successful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide