The configuration in ASA PRSM is the default factory, no policies created, just uploaded the NGIPS license for 1 year in each ASA PRSM.
In PRSM Server is loaded a license to manage 5 devices. Rest of the licenses present is the evaluation licenses in the version loaded.
The connection between ASA PRSM and PRSM Server is correct through https or ping.
In PRSM Server when i try to add a device, in Policy/Settings menu, all the data are introduced correctly, ip of primary ASA, port, and username and password. Then appears that PRSM has detected that ASA is in a cluster active / passive, and i can see the certificate that ASA presents.
Then it detects each ASA has a CX module and asks for the password od the user admin. And when i apply this step to finish the discovery of the ASAs, its whe appears the error i said before.
So any advice or help would be very appreciated because i'm stuck at this point, and i dont know if its a bug of the version, or i'm doing something wrong.
I do not see any compatibility issues with the versions of SW you use.
I guess you have some issues with the admin password which you use for integrating CX-Module.
If the ASA contains an ASA CX SSP, you are prompted for its communication properties. Please ensure that you issue the exact steps as mentioned below for adding cx module to prsm multiple device mode.
The properties are explained above. Keep the following in mind when filling in the properties for ASA CX:
The admin username and password are required. The admin username is the only one allowed for device discovery.
Do not change the admin password on the device after adding it to the inventory, or communication with the device will fail. You will have to delete the device from the inventory and add it again to use the new password.
Keep the port number 443.
You cannot change the device name, but you can change the default description.
The IP address is discovered through the parent ASA. If you configured both IPv4 and IPv6 management addresses, the IPv4 address is the one used. If you prefer, you can replace this with the global IPv6 address.
If there is a NAT boundary between the PRSM server and the device, be aware that the discovered address is the real IP address of the device. You must change it to the NAT address for discovery to succeed.
Adding the Cisco document URL for better understanding on the whole part.
Thank for your reply. I think that i follow all the steps above. The user admin in PRSM is not change, it has the default password. In the version i use, it detects that there's an ASA Active / Standby pair, and it assigns a different name to each other, though they have the same name in the config, as expected.
The ASA uses a third party certificate issued by, but the PRSM uses the self-signed certificate. But i'm only adding the ASA in monitoring only, and then the CX module, so i dont think i should add the root CA of the ASA certificate in the PRSM.
I followed the steps in the link you attached, and everything is correct. So i dont know where my problem could be. Now i'm uploading the version to the 184.108.40.206-82
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...