cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11331
Views
10
Helpful
19
Replies

Cisco Prime Infrastructure 2.0 and ASA 55xx platform problem

marcelvos82
Level 1
Level 1

Hello,

We recently upgraded to Prime Infrastructure 2.0 with the hope being able to manage our ASA's from PRIME (and complete an LMS migration).

When I attempt to add ASA's to prime i get the following collection errors:

Unable to collect processor and RAM information.          Processor and RAM information.          Unexpected error. See the log file inventory.log for details.

In the logfile I get the following XML parsing error on the MIB:

<palError>

  <deviceId>6284310032</deviceId>

  <code>VALIDATION_ERROR</code>

  <message>Failed to validate output XML: cvc-maxInclusive-valid: Value '3484331296' is not facet-valid with respect to maxInclusive '2147483647' for type 'int'.</message>

  <result>

    <result xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="/CISCO-MEMORY-POOL-MIB/xmp-im-file-system-module.xsd">

      <xmp-im-file-system-module>

        <MemoryPoolStatistics>

          <memoryPoolIndex>1</memoryPoolIndex>

          <free>4294967295</free>

          <largestFree>4294967295</largestFree>

          <used>3484331296</used>

        </MemoryPoolStatistics>

To me it seems that the ASA returns a value that is bigger then int32 and thus causes an overflow? Any clues? Workarounds to add an ASA to Prime without checking these MIB'S?

Regards,

Marcel

19 Replies 19

AFROJ AHMAD
Cisco Employee
Cisco Employee
Hi Marcel,

Support for ASA55xx firewalls will only come in PI 2.1

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Hi Afroj,

     I was wondering if you have any documentation in regards to this that you are able to share? Thank you!

-Jessinia Venegas

Jessinia,

The ASA 5500 and 5500-X series support was added in PI 2.0 Device Pack #1. It was released in December 2013.

Please refer to the compatibilty information in this link.

We have PI 2.2 and are unable to add ASA 5512-x.

Is this issue resolved?

AFROJ AHMAD
Cisco Employee
Cisco Employee

Hi Marcel,

I was doing a liitle research on this and got to know that :

ASA with 9.x version should just work fine with PI2.0 , there is a bug in ASA version 8.x.

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Hi Marcel,

I have am having a simular issue running ASA9.1(02) with Prime Infrastructure 2.0 (2.0.0.0.294). I get the error Partial Collection Failure. If this is a prime 2.0 issue when is prime 2.1 available to upgrade to

Regards

Michael

Hi Michael,

I am sure this will be taken care in PI 2.1 ,however I am not sure about the release of 2.1 .

As and when I got to know about this then I will update the thread.

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Hi Afroz,

Ok thanks for getting back to me, I used to get more out of Whatsupgold, I am also having similar problems with ACS 5.4 Virtual appliance, is there a list of "features" that will be supported under 2.1 which aren't under 2.0

Regards

Michael

Hi Afroz,

another couple of retaliated question,

1. Will the IPS 4500 be supported under 2.1 as it doesn't seem to be under 2.0

2. I have noticed that Prime does not recognise the difference between a 2960s and a 2960x on the decive work centre

3. Does it or are there plans to support F5 load balancers

Regards

Michael

Hi Michael,

As of now I am not sure what will be supported in 2.1 ,as such there is no such update available ,however I would suggest to talk to cisco rep for more clarification about product support on this as this seems to be important for you.

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

I had a similar trouble adding an ASA to Prime Infra 2.0.  My issue was invalid credentials.  Turns out ASA version 9.1.2+ allows SSH access to use either DH group 1 or 14.  DH 14 is needed to allow SSHv2 communications between Cisco IPS and ASA.  Once I changed the ASA SSH access from DH 14 back to DH 1, PI was able to connect.

Hi everyone,

I have the same problem with managing ASA5515 and ASA5545 with PI 2.0 as well as it was version 1.2 before. The PI is not useful for my customer, if it is not supporting all cisco devices which were used in the network enviorment.

Daniel

My DH Key group was my problem -- Thanks rmeans! ASA5505 successfully collected config now.

mcicolini
Level 1
Level 1

Hi,

 

does anyone happen to know if that problem is fixed? My currently setup looks like this:

1. Cisco Prime Infrastructure 2.1 with updated device pack.

2. Assurance license

3. ASA5510 which has enabled netflow. Netflow is being sent to Cisco Prime 2.1

I do receive netflow raw data within Cisco Prime 2.1 but any graphical display of netflow data is not working. Does anybody has an idea where the problem is? Could it be that the graphical data is only displayed when sending netflow 1, netflow 5 or netflow 7?

 

regards

Maurus

Review Cisco Networking for a $25 gift card