We've recently installed trial version of Cisco Prime Infrastructure 2.0 Express. We hoped that it already supports Cisco ASA 55xx series (especially 5505, we have pretty amount of them). But we had some problems with PI and asa durind the exploitation process.
First, I've added ASA to PI, and Inventory Collection Status is Completed, but I can't see CPU and RAM utilization graphs. Inventory.logs are non-informative.
Also, config backup is success, but when I try to watch the backuped configuration at Configuration Archive PI says "Failed to fetch raw configuration". And so on.
ASA version is 5505, image is 9.1(2).
So, I have a question: is it possible to manage ASAs with PI 2.0?
UPD: I've just tried to upgrade asa to 9.1(4), and behavior of the equipment is quite the same. Seems we shall wait for 9.2 to be released.
Have you downloaded and applied the latest Device Pack updates?
PI enhanced ASA support after the initial 2.0 release and the Device Packs incorporate that change.
The README file for Device Packs explains how to install them. (A bug currently does not allow the direct download in PI so you need to follow the method for installation from local storage after you manually download. Here is a link to the download location.
Уes, I've downloaded and installed this one from the very beginning. Without that pack I couldn't even see any details about ASA.
May be there are problems of Express version of PI?
install virt.aaplaence PI 2.0
cisco asa 9.1
|Collection Status||Failed feature(s)|
|feature_image_firewall||Timed out while receiving CLI response from device. Please check device response speed and network latency.|
Interesting - the device pack readme says it's supported on ASA 9.1(2). I'd push back on that TAC advice.
I have heard that ASA 9.2 should be out sometime in the next month. That remains to be announced by Cisco though.
Interesting I see those release notes but not an image yet (see screenshot attachment).
The notes saying ASA 9.1 is compatible are wrong because of a bug related to SNMP packets on the ASA. According to TAC 9.2 is supposed to allow larger packets where prior to that version the asa would drop making the PI device work center show a partial collection failure.
Sorry I should have mentioned the ASA 9.2 is only released for the 5500-X series plus the 5505. The other legacy hardware will not have a 9.2 release as it is past end of sales.
Cisco might release a bug fix in 9.1.x for the legacy 5500 series.
They might also fix PI to work with the older devices whose code doesn't support the large SNMP queries.
That would be nice but probably not realistic. Cisco still does not have full support for their current firmware WLCs and the ASA bug has been around since the PIX days.