Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1970
Views
5
Helpful
11
Replies

Cisco Prime Infrastructure 2.0 and Cisco ASA

Daria Tarasova
Level 1
Level 1

‎04-24-2014 05:43 AM

Hello,

We've recently installed trial version of Cisco Prime Infrastructure 2.0 Express. We hoped that it already supports Cisco ASA 55xx series (especially 5505, we have pretty amount of them). But we had some problems with PI and asa durind the exploitation process.
First, I've added ASA to PI, and Inventory Collection Status is Completed, but I can't see CPU and RAM utilization graphs. Inventory.logs are non-informative.
Also, config backup is success, but when I try to watch the backuped configuration at Configuration Archive PI says "Failed to fetch raw configuration". And so on.

ASA version is 5505, image is 9.1(2).

So, I have a question: is it possible to manage ASAs with PI 2.0?

UPD: I've just tried to upgrade asa to 9.1(4), and behavior of the equipment is quite the same. Seems we shall wait for 9.2 to be released.

Labels:
0 Helpful
11 Replies 11

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-24-2014 06:07 AM

Have you downloaded and applied the latest Device Pack updates?

PI enhanced ASA support after the initial 2.0 release and the Device Packs incorporate that change.

The README file for Device Packs explains how to install them. (A bug currently does not allow the direct download in PI so you need to follow the method for installation from local storage after you manually download. Here is a link to the download location.

Daria Tarasova
Level 1
Level 1
In response to Marvin Rhoads

‎04-24-2014 06:35 AM

Уes, I've downloaded and installed this one from the very beginning. Without that pack I couldn't even see any details about ASA.

May be there are problems of Express version of PI?

0 Helpful

Kuat Bakenov
Level 1
Level 1
In response to Marvin Rhoads

‎04-28-2014 02:58 AM

install virt.aaplaence PI 2.0

cisco asa 9.1

 

Collection StatusFailed feature(s)
FailuresImpactPossible Cause
feature_image_firewall Timed out while receiving CLI response from device. Please check device response speed and network latency.
0 Helpful

Seth Bjorn
Level 1
Level 1

‎04-24-2014 01:06 PM

According to TAC it is supported on ASA 9.2 and the updated PI 2.0 device pack. However, 9.2 is not released yet.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Seth Bjorn

‎04-24-2014 03:41 PM

Interesting - the device pack readme says it's supported on ASA 9.1(2). I'd push back on that TAC advice.

I have heard that ASA 9.2 should be out sometime in the next month. That remains to be announced by Cisco though. 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Marvin Rhoads

‎04-25-2014 05:17 AM

FYI ASA 9.2 was just released Wednesday.

The Release Notes were posted yesterday evening.

0 Helpful

Seth Bjorn
Level 1
Level 1
In response to Marvin Rhoads

‎04-25-2014 08:20 AM

Interesting I see those release notes but not an image yet (see screenshot attachment).

 

The notes saying ASA 9.1 is compatible are wrong because of a bug related to SNMP packets on the ASA. According to TAC 9.2 is supposed to allow larger packets where prior to that version the asa would drop making the PI device work center show a partial collection failure.

Preview file
89 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Seth Bjorn

‎04-25-2014 08:41 AM

Sorry I should have mentioned the ASA 9.2 is only released for the 5500-X series plus the 5505. The other legacy hardware will not have a 9.2 release as it is past end of sales.

0 Helpful

Seth Bjorn
Level 1
Level 1
In response to Marvin Rhoads

‎04-25-2014 08:53 AM

So PI will never support ASA non-x version with the exception of 5505 then?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Seth Bjorn

‎04-25-2014 09:16 AM

Cisco might release a bug fix in 9.1.x for the legacy 5500 series.

They might also fix PI to work with the older devices whose code doesn't support the large SNMP queries. 

0 Helpful

Seth Bjorn
Level 1
Level 1
In response to Marvin Rhoads

‎04-25-2014 02:04 PM

That would be nice but probably not realistic. Cisco still does not have full support for their current firmware WLCs and the ASA bug has been around since the PIX days.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents