07-16-2008 09:26 AM
I'm having a problem with LMS 2.6 and pushing configs out to our firewalls. We don't allow telnet into the firewalls, only SSH. LMS pulls the configs without a problem, but when I try to modify a config and push it out to a firewall it only seems to attempt to telnet and fails, so the config never gets pushed out. I made sure that SSH is the first in the list under RME transport settings for config deploy. Am I missing something else?
07-16-2008 09:28 AM
What RME application are you using to push the change (i.e. Archive Mgmt, Config Editor, Netconfig)?
07-16-2008 09:41 AM
Config Editor
07-16-2008 09:44 AM
Then you need to select Config Editor from the pull-down in the RME > Admin > Config Mgmt > Transport Settings window, and make sure the deploy protocol order is correct there as well.
07-16-2008 09:50 AM
Yeah, that's what I did...I have SSH, Telnet, TFTP, SCP as selected protocols under config deploy for Config Editor...in that order.
07-16-2008 09:53 AM
Please post the job log from a failing Config Editor job.
07-16-2008 09:58 AM
Here is the log from the last job I tried to run (I starred out the IP):
Command(s) failed on the device TELNET: Failed to establish TELNET connection to *.*.*.* - Cause: connect timed out. Insufficient no. of interactive responses(or timeout) for command
07-16-2008 10:00 AM
Ah, okay, this just means that telnet was attempted because SSH failed. The error points to a problem with one of the commands being deployed to the device. Exactly what are you deploying, and in what mode (merge or overwrite)?
07-16-2008 10:03 AM
Ah, I think I see the problem...I'm modifying an access-list and out of habit I put no in front of the line I want to remove instead of just removing it...I'm going to try it again tonight...thanks! :)
07-16-2008 12:37 PM
Maybe I spoke too soon...I did remove the access-list line entirely...I still get the same error. Here it is:
e Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: no access-list in_out extended permit ip host *.*.*.* any . TELNET: Failed to establish TELNET connection to *.*.*.* - Cause: connect timed out.
07-16-2008 01:05 PM
What happens when you run the command manually:
no access-list in_out extended permit ip host *.*.*.* any
What does the device say?
07-16-2008 01:17 PM
That's weird the access-list line gets removed even though I get the error (using RME). I tried removing 3 access-list lines instead of just one, I still get the same error, but one line does get removed. The line that gets removed is the same line that shows up in the error, and the other 2 lines do not get removed.
It works without a problem if I do it manually.
07-16-2008 01:21 PM
The device does not prompt you for anything when entering the problematic line?
07-16-2008 02:20 PM
Nope..if I paste the multiple lines directly I get no prompts from the firewall.
07-16-2008 02:33 PM
It would help to see the Config Editor job log with Config Job debugging enabled. If this data is too sensitive to post on an open forum, then I suggest you open a TAC service request.