12-23-2008 02:59 AM
Hi,
we have a LMS 3.1 on a Windows and we are having problems with all our 2960 and ASA devices and the configs.
These devices always appear in the out-of-sync status, even if we execute "sync on device" or "copy runn start".
If we look at the "diff only", it appears the "ntp clock" command and these other:
-2960 startup config:
Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-226392448
certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer
-2960 running config:
Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-226392448
certificate self-signed 01
-ASA: the following lines appear in the startup config but not in the running:
asdm location xxxxx 255.255.255.255 Gestion
Does anyone know how to fix this?
Devices packages are updated.
Regards.
Solved! Go to Solution.
12-23-2008 09:46 AM
The ASA can be fixed by adding the "asdm location" command to the list of excluded commands under RME > Admin > Config Mgmt > Exclude Commands. The crypto issue is a known problem which can only be solved if the device supports "show running brief" and you are using TELNET or SSH to fetch the configuration. If you use TFTP, the configs will always be reported as different.
12-23-2008 09:46 AM
The ASA can be fixed by adding the "asdm location" command to the list of excluded commands under RME > Admin > Config Mgmt > Exclude Commands. The crypto issue is a known problem which can only be solved if the device supports "show running brief" and you are using TELNET or SSH to fetch the configuration. If you use TFTP, the configs will always be reported as different.
04-10-2009 12:51 PM
I am having the same problem. I have 24 2960's and every one of them fail the sync on the cert self signed portion of the config.
startup: Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-2xxxxxxxx8
certificate self-signed 01 nvram:sw-recjuv-1s#6D01.cer
running: Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-2xxxxxxxx8
certificate self-signed 01
All 24 of my 2960's are doing this.
04-10-2009 02:13 PM
Review the comments in my previous post. If you are already fetching the config with telnet or SSH, then please start a new thread for your issue.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: