Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ASA5510

I have tried without luck to have my ASA5510 recognized by ONPlus via regular or beta firmware and portal.

I manually select the device driver, but it fails.  I saw the post about ASA5505, but I think 5505 is different then all other ASA as the bigger ASA does not have direct web based acess only CLI and ASDM.

One intersting thing is that it does seem to be magically collecting WAN stats from the ASA even though I never configured netflow, gave onplus credentials or anything else.

Screen Shot 2011-11-02 at 10.45.50 AM.png

Screen Shot 2011-11-02 at 10.47.02 AM.png

-- please remember to rate and mark answered helpful posts --
2 ACCEPTED SOLUTIONS

Accepted Solutions
mrn Cisco Employee
Cisco Employee

ASA5510

Hi Brandon,

The OnPlus network agent tries to reach the ASA 5510 using https. You can verify that this is working by trying this:

https://asa_address/exec/show%20clock

The web browser should ask you for credentials - enter the same ones that you have given to OnPlus.

If you get a valid response, we need to dig a little deeper.

If you don't get a response, you need to enable the http server on your device.

Finally, and this is a bug on our part - if you ever enter the credentials incorrectly, you need to go through a somewhat painful procedure to correct the problem.

1) On the device driver page, disable the selected device driver by opening the drop-down and navigating all the way to the top of the list.

2) Go to the Login Access page, and check the "Delete Existing Credentials" checkbox.

3) Apply the changes, and wait one minute.

4) Now go back, enter your correct login credentials, select the correct device driver, then click Apply.

If all of these steps still fail you we will ahve to pull some traces to see what is going on.

- Mark

mrn Cisco Employee
Cisco Employee

ASA5510

Hi Brandon,

After looking at your system, I am pretty sure you are running into a known ASA bug.

Because of the way we perform authentication, if you have any special characters (outside normal letters and digits) in your username or password, the ASA authentication fails - this problem is also present on a few IOS devices.

The bug is fixed in release 6.4, but that will not be pushed out to your customers for at least a couple of weeks.

I believe that if you temporarily use a simpler password, you should authenticate properly - if you go through the steps listed above.

If you change to a simpler password and still have the problem, we will take a deeper look.

- Mark

7 REPLIES
mrn Cisco Employee
Cisco Employee

ASA5510

Hi Brandon,

The OnPlus network agent tries to reach the ASA 5510 using https. You can verify that this is working by trying this:

https://asa_address/exec/show%20clock

The web browser should ask you for credentials - enter the same ones that you have given to OnPlus.

If you get a valid response, we need to dig a little deeper.

If you don't get a response, you need to enable the http server on your device.

Finally, and this is a bug on our part - if you ever enter the credentials incorrectly, you need to go through a somewhat painful procedure to correct the problem.

1) On the device driver page, disable the selected device driver by opening the drop-down and navigating all the way to the top of the list.

2) Go to the Login Access page, and check the "Delete Existing Credentials" checkbox.

3) Apply the changes, and wait one minute.

4) Now go back, enter your correct login credentials, select the correct device driver, then click Apply.

If all of these steps still fail you we will ahve to pull some traces to see what is going on.

- Mark

ASA5510

Hi Mark, thanks for the reponse.  The ASA does repond to the test URL you suggested.  I tried to remove the driver and reenter the credentials then add the device driver back, but I have the same error.  What do you need from me to see detailed traces?

-- please remember to rate and mark answered helpful posts --
mrn Cisco Employee
Cisco Employee

ASA5510

Hi Brandon,

I just sent you a private message with some request for info. (To read a private message on this board you have to navigate to your account - AFAIK there is no way to have them routed directly to your personal email.)

- Mark

mrn Cisco Employee
Cisco Employee

ASA5510

Hi Brandon,

After looking at your system, I am pretty sure you are running into a known ASA bug.

Because of the way we perform authentication, if you have any special characters (outside normal letters and digits) in your username or password, the ASA authentication fails - this problem is also present on a few IOS devices.

The bug is fixed in release 6.4, but that will not be pushed out to your customers for at least a couple of weeks.

I believe that if you temporarily use a simpler password, you should authenticate properly - if you go through the steps listed above.

If you change to a simpler password and still have the problem, we will take a deeper look.

- Mark

Cisco Employee

ASA5510

Hi Brandon,

Regarding the WAN performance statistics, the Latency/Loss/Jitter is calculated between the ON100 and the OnPlus Portal currently and so doesn't require special access to the WAN device. This is an area that could be improved in the future as we look for better ways to give you visibility of the customer's WAN link performance. The current test performed by the ON100 doesn't even set QoS bits, it simply acts as a standard network element and reports the metrics of it's connectivity to the portal.

-mike

ASA5510

This was correct about the password.  The device driver works now.

Thanks for your help.

-- please remember to rate and mark answered helpful posts --
mrn Cisco Employee
Cisco Employee

ASA5510

Thanks for helping track down the root cause, Brandon.

702
Views
0
Helpful
7
Replies
CreatePlease to create content