06-24-2014 03:57 PM - edited 03-11-2019 09:22 PM
Hi,
I'm trying to add a pair of ASA in HA (Active - Standby) in PRSM Server Multimode Device Mode. I'm getting the error that appears in the title:
"Error ASA CX import configuration - Unauthorized request
Version ASA: 9.1.3
ASA CX: 9.2.1.1 (48)
ASA PRSM: 9.2.1.1 (48)
PRSM Server: 9.2.1.1 (48)
The configuration in ASA PRSM is the default factory, no policies created, just uploaded the NGIPS license for 1 year in each ASA PRSM.
In PRSM Server is loaded a license to manage 5 devices. Rest of the licenses present is the evaluation licenses in the version loaded.
The connection between ASA PRSM and PRSM Server is correct through https or ping.
In PRSM Server when i try to add a device, in Policy/Settings menu, all the data are introduced correctly, ip of primary ASA, port, and username and password. Then appears that PRSM has detected that ASA is in a cluster active / passive, and i can see the certificate that ASA presents.
Then it detects each ASA has a CX module and asks for the password od the user admin. And when i apply this step to finish the discovery of the ASAs, its whe appears the error i said before.
So any advice or help would be very appreciated because i'm stuck at this point, and i dont know if its a bug of the version, or i'm doing something wrong.
Thanks in advance.
Regards,
06-24-2014 11:56 PM
Hi Palonso,
I do not see any compatibility issues with the versions of SW you use.
I guess you have some issues with the admin password which you use for integrating CX-Module.
If the ASA contains an ASA CX SSP, you are prompted for its communication properties. Please ensure that you issue the exact steps as mentioned below for adding cx module to prsm multiple device mode.
Tip | Do not change the admin password on the device after adding it to the inventory, or communication with the device will fail. You will have to delete the device from the inventory and add it again to use the new password. |
Adding the Cisco document URL for better understanding on the whole part.
http://www.cisco.com/c/en/us/td/docs/security/asacx/9-1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1/b_User_Guide_for_ASA_CX_and_PRSM_9_1_chapter_0110.html#task_7E648F43AD724DA2983699B12E92A528
HTH
Regards
Karthik
06-25-2014 12:48 AM
Hi nkarthikeyan,
Thank for your reply. I think that i follow all the steps above. The user admin in PRSM is not change, it has the default password. In the version i use, it detects that there's an ASA Active / Standby pair, and it assigns a different name to each other, though they have the same name in the config, as expected.
The ASA uses a third party certificate issued by, but the PRSM uses the self-signed certificate. But i'm only adding the ASA in monitoring only, and then the CX module, so i dont think i should add the root CA of the ASA certificate in the PRSM.
I followed the steps in the link you attached, and everything is correct. So i dont know where my problem could be. Now i'm uploading the version to the 9.2.1.2-82
If you have any other idea, i'll be gratefull.
Thanks in advance.
Regards,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: