https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315634#M551530 <P>Hi,</P><P></P><P>I would like to save a PIX525 configuration via the "outside" interface with ssh.</P><P>I have Ciscoworks LMS 2.2 (Module RME 3.5, with IDU 10.0) to do this automatically.</P><P>To save PIX configuration via the "outside" interface I must use "ssh" or "ipsec". With RME, we can only use ssh (SSH-1.5-CMF).</P><P>I have try to save the configuration with the ssh of RME but the connection stops with a error. The init and the authentication of the ssh session is ok but when ciscoworks wants to save the configuration, this message appears:</P><P>« crc comparison failed »</P><P></P><P>I have debug the traffic on the PIX:</P><P></P><P>1: SSH: Device opened successfully.</P><P>2: SSH: host key initialised</P><P>3: SSH0: SSH client: IP = '*******' interface # = 0</P><P>4: SSH0: starting SSH control process</P><P>5: SSH0: Exchanging versions - SSH-1.5-Cisco-1.25</P><P>6: SSH0: send SSH message: outdata is NULL</P><P>7: SSH0: receive SSH message: 83 (83)</P><P>8: SSH0: client version is - SSH-1.5-CMF</P><P>9: SSH0: begin server key generation</P><P>10: SSH0: complete server key generation, elapsed time = 240 ms</P><P>11: SSH0: declare what cipher(s) we support: 0x00 0x00 0x00 0x04 </P><P>12: SSH0: send SSH message: SSH_SMSG_PUBLIC_KEY (2)</P><P>13: SSH0: SSH_SMSG_PUBLIC_KEY message sent</P><P>14: SSH0: receive SSH message: SSH_CMSG_SESSION_KEY (3)</P><P>15: SSH0: SSH_CMSG_SESSION_KEY message received - msg type 0x03,</P><P>length 112</P><P>16: SSH0: client requests DES cipher: 2</P><P>17: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)</P><P>18: SSH0: keys exchanged and encryption on</P><P>19: SSH0: receive SSH message: SSH_CMSG_USER (4)</P><P>20: SSH0: authentication request for userid ******</P><P>21: SSH(******): user authen method is 'use AAA', aaa server group ID = 5</P><P>22: SSH0: send SSH message: SSH_SMSG_FAILURE (15)</P><P>23: SSH0: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)</P><P>24: SSH(******): starting user authentication request, and waiting for reply from AAA server</P><P>25: SSH(******): user '********' is authenticated</P><P>26: SSH(******): user authentication request completed</P><P>27: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)</P><P>28: SSH0: authentication successful for *******</P><P>29: SSH0: receive SSH message: SSH_CMSG_REQUEST_PTY (10)</P><P>30: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)</P><P>31: SSH0: receive SSH message: SSH_CMSG_EXEC_SHELL (12)</P><P>32: SSH0: starting exec shell</P><P>33: SSH0: crc comparison failed - client 0xfc875863 host 0xad20ea70</P><P>34: SSH0: receive SSH message: [no message ID: variable *data is NULL]</P><P>35: SSH0: send SSH message: SSH_MSG_DISCONNECT (1)</P><P>36: SSH0: Session disconnected by SSH server - error 0x02 "packet CRC check failed"</P><P> </P><P>I have search on the web site of cisco if I find some information </P><P>about « crc comparison failed » but I find nothing.</P><P></P><P>Does anybody know this problem? Or does anybody know a another method to save the PIX configuration via outside interface with Ciscoworks RME ?</P><P></P><P>For your information: PIX 525 with Cisco PIX Firewall Version 6.3(3)</P><P>(ssh version 1)</P><P> </P><P>Thank you for your help</P><P></P><P></P> Fri, 21 Feb 2020 07:57:53 GMT s.fasel 2020-02-21T07:57:53Z https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315634#M551530 <P>Hi,</P><P></P><P>I would like to save a PIX525 configuration via the "outside" interface with ssh.</P><P>I have Ciscoworks LMS 2.2 (Module RME 3.5, with IDU 10.0) to do this automatically.</P><P>To save PIX configuration via the "outside" interface I must use "ssh" or "ipsec". With RME, we can only use ssh (SSH-1.5-CMF).</P><P>I have try to save the configuration with the ssh of RME but the connection stops with a error. The init and the authentication of the ssh session is ok but when ciscoworks wants to save the configuration, this message appears:</P><P>« crc comparison failed »</P><P></P><P>I have debug the traffic on the PIX:</P><P></P><P>1: SSH: Device opened successfully.</P><P>2: SSH: host key initialised</P><P>3: SSH0: SSH client: IP = '*******' interface # = 0</P><P>4: SSH0: starting SSH control process</P><P>5: SSH0: Exchanging versions - SSH-1.5-Cisco-1.25</P><P>6: SSH0: send SSH message: outdata is NULL</P><P>7: SSH0: receive SSH message: 83 (83)</P><P>8: SSH0: client version is - SSH-1.5-CMF</P><P>9: SSH0: begin server key generation</P><P>10: SSH0: complete server key generation, elapsed time = 240 ms</P><P>11: SSH0: declare what cipher(s) we support: 0x00 0x00 0x00 0x04 </P><P>12: SSH0: send SSH message: SSH_SMSG_PUBLIC_KEY (2)</P><P>13: SSH0: SSH_SMSG_PUBLIC_KEY message sent</P><P>14: SSH0: receive SSH message: SSH_CMSG_SESSION_KEY (3)</P><P>15: SSH0: SSH_CMSG_SESSION_KEY message received - msg type 0x03,</P><P>length 112</P><P>16: SSH0: client requests DES cipher: 2</P><P>17: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)</P><P>18: SSH0: keys exchanged and encryption on</P><P>19: SSH0: receive SSH message: SSH_CMSG_USER (4)</P><P>20: SSH0: authentication request for userid ******</P><P>21: SSH(******): user authen method is 'use AAA', aaa server group ID = 5</P><P>22: SSH0: send SSH message: SSH_SMSG_FAILURE (15)</P><P>23: SSH0: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)</P><P>24: SSH(******): starting user authentication request, and waiting for reply from AAA server</P><P>25: SSH(******): user '********' is authenticated</P><P>26: SSH(******): user authentication request completed</P><P>27: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)</P><P>28: SSH0: authentication successful for *******</P><P>29: SSH0: receive SSH message: SSH_CMSG_REQUEST_PTY (10)</P><P>30: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)</P><P>31: SSH0: receive SSH message: SSH_CMSG_EXEC_SHELL (12)</P><P>32: SSH0: starting exec shell</P><P>33: SSH0: crc comparison failed - client 0xfc875863 host 0xad20ea70</P><P>34: SSH0: receive SSH message: [no message ID: variable *data is NULL]</P><P>35: SSH0: send SSH message: SSH_MSG_DISCONNECT (1)</P><P>36: SSH0: Session disconnected by SSH server - error 0x02 "packet CRC check failed"</P><P> </P><P>I have search on the web site of cisco if I find some information </P><P>about « crc comparison failed » but I find nothing.</P><P></P><P>Does anybody know this problem? Or does anybody know a another method to save the PIX configuration via outside interface with Ciscoworks RME ?</P><P></P><P>For your information: PIX 525 with Cisco PIX Firewall Version 6.3(3)</P><P>(ssh version 1)</P><P> </P><P>Thank you for your help</P><P></P><P></P> Fri, 21 Feb 2020 07:57:53 GMT https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315634#M551530 s.fasel 2020-02-21T07:57:53Z https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315635#M551531 <HTML><HEAD></HEAD><BODY><P>hi fasel,</P><P></P><P>Are you able to do a normal SSH from a SSH client from the LMS desktop ? try to isolate the issue, between the PIX and the LMS.. if you are able to do a normal SSH, then we need to see the config of the LMS.. else we need to concentrate on the pix side...</P><P></P><P>do let us know..</P><P></P><P>Raj</P></BODY></HTML> Tue, 15 Feb 2005 09:32:50 GMT https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315635#M551531 sachinraja 2005-02-15T09:32:50Z https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315636#M551532 <HTML><HEAD></HEAD><BODY><P>I have found the problem. The problem was in the LMS configuration. The ssh connection works correctly but when the LMS connects it on the pix, it was not in "enable mode". It cannot save the configuration of the pix. I have modified the "device attributes" of the pix in the inventory of the LMS. And now that's works.</P><P></P><P>thank you for your help </P><P></P><P>Best Regards</P><P></P><P>Sam</P></BODY></HTML> Wed, 16 Feb 2005 07:01:54 GMT https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315636#M551532 s.fasel 2005-02-16T07:01:54Z https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315637#M551533 <HTML><HEAD></HEAD><BODY><P>Hi SAm,</P><P></P><P>cool. please mark the case as a solved one, which might be helpful to others. rate replies if found useful..</P><P></P><P>Raj</P></BODY></HTML> Wed, 16 Feb 2005 07:25:01 GMT https://community.cisco.com/t5/network-security/save-pix-configuration-via-the-outside-interface/m-p/315637#M551533 sachinraja 2005-02-16T07:25:01Z