01-05-2007 12:47 AM
Hi,
We have a few VPN 30xx concentrators around Europe. I cannot archive the configuration from these devices with LMS 2.5.1. Is this possible in principle, and if yes, what needs to be done?
Thanks in advance, and best regards
Thomas
01-05-2007 06:36 AM
Yes, it is definitely supported for config archive.
If you want to get a config from your VPN 3005 you should use HTTPS.
You set 3 things:
Common Services > Device and Credentials > Device Management >
select your VPN device > go to HTTP Settings > fill the HTTP Username
and Password > set the HTTPS port to 443 > select Current Mode to HTTPS
> click on Finish.
RME > Admin > Config Mgmt > Transport Settings > and select HTTPS, too
and you should configure the device itself for HTTPS
As VPN concentrators only support HTTPS,
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000e/e_4_x/4_0_3/sdt/rme403cm.htm#RME4.0.4
Also, to enable the configuration archive to gather the configurations
using https protocol you must modify your device configurations:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1d98.html#999607
01-08-2007 01:21 AM
Hello,
thanks for the answer. I changed everything to HTTPS, but I couldn't get the config. The sync archive always gives me this error message:
demunkVcon-1 | PRIMARY RUNNING Jan 08 2007 10:09:53 | CM0210 Unable to generate processed config
I did a capture with the NAM module and I saw that cw2000 is communicating over SSL with the concentrator, but I can't see what they are exactly doing. The sync archive generates just 30 packets, which is a bit low for me.
Regards
Thomas
01-08-2007 09:12 AM
This error occurs after the config is fetched, but before it is archived. You should look at the dcmaservice.log for any relevant errors. This could be caused by bad characters somewhere in the config.
01-23-2007 06:21 AM
Hi Thomas,
could you fix this issue? I've got the same problem on our LMS 2.6.
André
01-23-2007 09:03 PM
Are you running into the same errors as above? Any errors in the dcmaservice.log as jclarke mentions above?
01-23-2007 11:44 PM
These are the messages from the log file, but I'm not sure what they mean.
[ So Jan 21 03:12:13 CET 2007 ],INFO ,[Thread-22447],com.cisco.nm.xms.xdi.pkgs.SharedDcmaVPN3000.analyzer.VPN3000ConfigFileReader,
[ So Jan 21 03:12:13 CET 2007 ],ERROR,[Thread-22447],com.cisco.nm.rmeng.dcma.configmanager.DeviceArchiveManager,archiveNewVersionIfNeeded,1076,CM0210 Unable to generate processed config
[ So Jan 21 03:12:13 CET 2007 ],ERROR,[Thread-22447],com.cisco.nm.rmeng.dcma.configmanager.ConfigManager,updateArchiveForDevice,1261,Error archiving config for demunkVcon-1
[ So Jan 21 03:12:13 CET 2007 ],INFO ,[Thread-22447],com.cisco.nm.xms.xdi.pkgs.SharedDcmaVPN3000.analyzer.VPN3000ConfigFileReader,
[ So Jan 21 03:12:13 CET 2007 ],ERROR,[Thread-22447],com.cisco.nm.rmeng.dcma.configmanager.DeviceArchiveManager,archiveNewVersionIfNeeded,1076,CM0210 Unable to generate processed config
[ So Jan 21 03:12:13 CET 2007 ],ERROR,[Thread-22447],com.cisco.nm.rmeng.dcma.configmanager.ConfigManager,updateArchiveForDevice,1261,Error archiving config for demunkVcon-2
regards
Thomas
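A way to triage this kind of log excerpt, added here as an example and not code from the thread or from Cisco: it parses lines in the layout posted above and ties each CM error code to the device named in the following "Error archiving config for" line. The function names are hypothetical, the sample lines are constructed, and the pairing assumes both lines are written by the same thread, as in the excerpt.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the dcmaservice.log excerpt above;
# device names, thread ids and the interleaving are made up.
SAMPLE_LOG = """\
[ So Jan 21 03:12:13 CET 2007 ],INFO ,[Thread-101],com.cisco.nm.xms.xdi.pkgs.SharedDcmaVPN3000.analyzer.VPN3000ConfigFileReader,
[ So Jan 21 03:12:13 CET 2007 ],ERROR,[Thread-101],com.cisco.nm.rmeng.dcma.configmanager.DeviceArchiveManager,archiveNewVersionIfNeeded,1076,CM0210 Unable to generate processed config
[ So Jan 21 03:12:13 CET 2007 ],INFO ,[Thread-102],com.cisco.nm.xms.xdi.pkgs.SharedDcmaVPN3000.analyzer.VPN3000ConfigFileReader,
[ So Jan 21 03:12:14 CET 2007 ],ERROR,[Thread-101],com.cisco.nm.rmeng.dcma.configmanager.ConfigManager,updateArchiveForDevice,1261,Error archiving config for vpn-lab-1
[ So Jan 21 03:12:14 CET 2007 ],ERROR,[Thread-102],com.cisco.nm.rmeng.dcma.configmanager.ConfigManager,updateArchiveForDevice,1261,Error archiving config for vpn-lab-2
"""

LINE_RE = re.compile(r"^\[\s*([^\]]+?)\s*\],([A-Z]+)\s*,\[([^\]]+)\],(.*)$")
CODE_RE = re.compile(r"^(CM\d{4})\b")
DEVICE_RE = re.compile(r"^Error archiving config for (\S+)$")


def parse_line(line):
    """Split one log line into fields; return None if it is not in this layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    timestamp, level, thread, rest = m.groups()
    # rest is "class,method,source line,message"; INFO lines may stop after class
    parts = rest.split(",", 3)
    parts += [""] * (4 - len(parts))
    return {"timestamp": timestamp, "level": level, "thread": thread,
            "class": parts[0], "method": parts[1], "message": parts[3].strip()}


def failures_by_device(log_text):
    """Map each device named in an archive failure to the CM codes that the
    same thread logged just before it (assumes both lines share a thread)."""
    pending = defaultdict(list)  # thread -> CM codes not yet tied to a device
    result = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["level"] != "ERROR":
            continue
        code = CODE_RE.match(rec["message"])
        device = DEVICE_RE.match(rec["message"])
        if code:
            pending[rec["thread"]].append(code.group(1))
        elif device:
            result.setdefault(device.group(1), []).extend(pending.pop(rec["thread"], []))
    return result
```

A device that maps to an empty list failed to archive without a preceding CM code on its thread, which points to a different cause than CM0210.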
01-24-2007 07:41 AM
Your error message leads me to believe that there is a special character in the config that is causing its processing to fail. Can you check this? This may be related to bug CSCsa35538
Configuration fetch for VPN 3000 devices fails if there are characters like '<', '>' in the configuration file.
Workaround is to remove those characters from the configuration file. For XML parsers these characters are the delimiters.
Check the following:
Check that XML export is enabled on your device:
1. Log on to: "http://VPN device-IP/"
2. Expand the Administration link. (At the left side)
3. Expand File Management link.
4. Click XML Export.
5. Give "running" as the - File Name.
6. Click ok.
To TFTP the configuration file to the server:
a) Click TFTP Transfer. (Administration > File Management > TFTP Transfer)
b) Concentrator File = running.
c) Action = (select) put.
d) TFTP Server=IP Address of "CiscoWorks-Server"
e) TFTP Server File= running (Before this create a file named "running" under
"NMSROOT\tftpboot", where NMSROOT corresponds to the installation path for CiscoWorks. By default this is C:\Progra~1\CSCOpx for Windows and /opt/CSCOpx for Solaris).
Then open the "running" file under "NMSROOT\tftpboot" and check the configuration file, whether it has only the following contents
"
standalone="yes" ?>".
If so, the issue is on device side.
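The two checks described in this reply, written as an added example (not code from the thread or from Cisco): one function lists every '<' or '>' in a saved config with its position, the other classifies the "running" file received over TFTP, including the case where it holds only an XML declaration. Function names are hypothetical and all sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Matches a file that holds nothing but an XML declaration.
DECL_ONLY_RE = re.compile(rb"^<\?xml[^>]*\?>$")


def find_xml_delimiters(config_text):
    """Return (line, column, char) for every '<' or '>' in a saved config."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in "<>":
                hits.append((lineno, col, ch))
    return hits


def classify_export(data):
    """Classify the bytes of the "running" file received over TFTP."""
    data = data.strip()
    if not data:
        return "empty"
    if DECL_ONLY_RE.match(data):
        return "declaration-only"  # the case the reply attributes to the device
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return "malformed at line %d, column %d" % exc.position
    return "ok" if len(root) else "empty-root"


# Constructed samples; the key=value lines only illustrate the scan and do not
# claim to be real VPN 3000 syntax.
SAMPLE_CONFIG = "[group 1]\nname=Sales\ndescription=users <temp>\n"
DECL_ONLY = b'<?xml version="1.0" standalone="yes" ?>\n'
GOOD_EXPORT = b'<?xml version="1.0" standalone="yes" ?>\n<config><group name="Sales"/></config>\n'
BAD_EXPORT = b'<?xml version="1.0" standalone="yes" ?>\n<config><group name="a<b"/></config>\n'

if __name__ == "__main__":
    print(find_xml_delimiters(SAMPLE_CONFIG))
    for blob in (DECL_ONLY, GOOD_EXPORT, BAD_EXPORT):
        print(classify_export(blob))
```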
01-26-2007 01:30 AM
I couldn't find any of these characters like '<', '>' in my config.....
Regards
Thomas
01-26-2007 08:29 AM
Did you run through the XML commands I listed?
01-28-2007 11:43 PM
hi,
The XML export is not working. "Unable to export XML file. Disabled." is the message that I get. But I checked the original config file from the concentrator.
regards
Thomas
07-31-2008 12:35 PM
I had the same issue with the same error.
I was able to get this working by enabling xml export from Configuration|System|Management Protocols|XML
You do NOT need to enable https or ssh on the public interface.
Also make sure that your credentials in common services (https or http) match what you have configured for management on the concentrator.