Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
3
Replies

ASA's have tftp server command, but not to CW

philip.r.hayes
Level 1
Level 1

‎03-04-2009 11:17 AM

LMS 2.6 / RME 4.0.6

We have a number of ASA's which have a tftp-server statement that points to an old tftp server. This blocks CW (at a different IP) from getting the config.

I've been asked about exactly how the configuration collection process works and haven't had much luck searching cisco.com to find a process flow.

I gues what would help would be a break-down of a how CW will collect a config if:

1) The only protocol configured is tftp

2) If Telnet, ssh, and tftp protocols are enabled. (which is how we are currently set up)

Does RME send a "wr net" via snmp if it can't login? If SSH and telnet are the first protocols listed and they fail, will it still try to do a tftp only configuration collection?

If anyone knows of any in-depths URLS on cisco.com that would really help.

Thanks

Labels:
0 Helpful
3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

‎03-04-2009 11:34 AM

1. This will not work as TFTP requires the ability to do an SNMP SET. SNMP read-write operations are not supported on the ASA, PIX, or FWSM.

2. If telnet or SSH are used then RME will perform a "show running-config" or "show startup-config" and scrape the data from the socket. TFTP will not be used at all.

RME will not use TFTP to get the config from ASA devices.

0 Helpful

philip.r.hayes
Level 1
Level 1
In response to Joe Clarke

‎03-04-2009 02:06 PM

Thanks, that makes sense.

The description of the problem as shown in the "Failed" configuration collection list shows:

"Could not detect protocols running on the device TELNET: Failed to establish TELNET connection to 1.1.1.1 - Cause: connect timed out."

So, maybe my question should be why I don't see that RME tried SSH. SSH is allowed and is at the top of the list for "transport protocol" under "Archive Mgmt".

Is this a bug? It seems to be trying telnet first (it's 2nd on the list) and then stopping any further attempts.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to philip.r.hayes

‎03-04-2009 03:07 PM

The SSH error is the first error. More specific details as to why the SSH protocols could not be detected will be in the dcmaservice.log if ArchiveMgmt Service debugging is enabled.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents