Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2960 and ASA devices in Out-of-sync status

Hi,

we have a LMS 3.1 on a Windows and we are having problems with all our 2960 and ASA devices and the configs.

These devices always appear in the out-of-sync status, even if we execute "sync on device" or "copy runn start".

If we look at the "diff only", it appears the "ntp clock" command and these other:

-2960 startup config:

Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-226392448

certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer

-2960 running config:

Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-226392448

certificate self-signed 01

-ASA: the following lines appear in the startup config but not in the running:

asdm location xxxxx 255.255.255.255 Gestion

Does anyone know how to fix this?

Devices packages are updated.

Regards.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: 2960 and ASA devices in Out-of-sync status

The ASA can be fixed by adding the "asdm location" command to the list of excluded commands under RME > Admin > Config Mgmt > Exclude Commands. The crypto issue is a known problem which can only be solved if the device supports "show running brief" and you are using TELNET or SSH to fetch the configuration. If you use TFTP, the configs will always be reported as different.

3 REPLIES
Cisco Employee

Re: 2960 and ASA devices in Out-of-sync status

The ASA can be fixed by adding the "asdm location" command to the list of excluded commands under RME > Admin > Config Mgmt > Exclude Commands. The crypto issue is a known problem which can only be solved if the device supports "show running brief" and you are using TELNET or SSH to fetch the configuration. If you use TFTP, the configs will always be reported as different.

New Member

Re: 2960 and ASA devices in Out-of-sync status

I am having the same problem. I have 24 2960's and every one of them fail the sync on the cert self signed portion of the config.

startup: Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-2xxxxxxxx8

certificate self-signed 01 nvram:sw-recjuv-1s#6D01.cer

running: Crypto-Crypto CA-Crypto CA certificate chain TP-self-signed-2xxxxxxxx8

certificate self-signed 01

All 24 of my 2960's are doing this.

Cisco Employee

Re: 2960 and ASA devices in Out-of-sync status

Review the comments in my previous post. If you are already fetching the config with telnet or SSH, then please start a new thread for your issue.

346
Views
0
Helpful
3
Replies