cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
720
Views
0
Helpful
3
Replies

2960 and ASA devices in Out-of-sync status

cmartinvalle
Level 1
Level 1

Hi,

we have a LMS 3.1 on a Windows and we are having problems with all our 2960 and ASA devices and the configs.

These devices always appear in the out-of-sync status, even if we execute "sync on device" or "copy runn start".

If we look at the "diff only", it appears the "ntp clock" command and these other:

-2960 startup config:

Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-226392448

certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer

-2960 running config:

Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-226392448

certificate self-signed 01

-ASA: the following lines appear in the startup config but not in the running:

asdm location xxxxx 255.255.255.255 Gestion

Does anyone know how to fix this?

Devices packages are updated.

Regards.

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

The ASA can be fixed by adding the "asdm location" command to the list of excluded commands under RME > Admin > Config Mgmt > Exclude Commands. The crypto issue is a known problem which can only be solved if the device supports "show running brief" and you are using TELNET or SSH to fetch the configuration. If you use TFTP, the configs will always be reported as different.

View solution in original post

3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

The ASA can be fixed by adding the "asdm location" command to the list of excluded commands under RME > Admin > Config Mgmt > Exclude Commands. The crypto issue is a known problem which can only be solved if the device supports "show running brief" and you are using TELNET or SSH to fetch the configuration. If you use TFTP, the configs will always be reported as different.

stephenscott
Level 1
Level 1

I am having the same problem. I have 24 2960's and every one of them fail the sync on the cert self signed portion of the config.

startup: Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-2xxxxxxxx8

certificate self-signed 01 nvram:sw-recjuv-1s#6D01.cer

running: Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-2xxxxxxxx8

certificate self-signed 01

All 24 of my 2960's are doing this.

Review the comments in my previous post. If you are already fetching the config with telnet or SSH, then please start a new thread for your issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: