10-21-2010 03:05 AM
Hi,
I am facing a problem in CiscoWorks fetching the config archive from a Cisco ASA-5510 Adaptive Security Appliance. I am using LMS 3.2 and RME 4.3.1.
SSH is enabled on the device, and from the LMS server I am able to connect through PuTTY. Also, Management Station to Device shows SSH is up for both versions. But from RME it is failing. It gives the error mentioned below:
Device: COGINHYDGCBDFHRTF1 Status: Failed
I have tried telnetting to port 22 from the LMS server; it gives the output below: SSH-1.99-Cisco-1.25
When I tried to test the device credentials for SSH and SSH Enable mode, I got the output below. The SSH status remains blank.
No. | Device Name | SSH | Enable by SSH
1. | COGINHYDGCBDFHRTF1 | | Did Not Try
Please help to resolve this.
10-23-2010 10:11 PM
The problem is that RME cannot enter enable mode on the ASA. Check the enable password in DCR for this device. Make sure you can login to the ASA using SSH with the username/password and enable password combination found in DCR. If in doubt, re-enter the credentials in DCR.
10-25-2010 01:23 AM
Hi,
As I have described, I am able to log in properly with the same credentials from the LMS server with PuTTY, but from LMS it is not happening. Rather, when I check the device credentials for SSH, it shows the output I mentioned in my earlier post. It seems LMS is not trying to log in for some reason.
Please help.
10-25-2010 10:43 PM
According to the output you've shown thus far, it appears there isn't any enable password entered in DCR for this device. Go to Common Services > Device and Credentials > Device Management, select this device, and click Edit Credentials. Re-enter the correct enable password. Then see if the config archive works. If not, enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, re-run the sync archive, then post the dcmaservice.log.
10-26-2010 10:15 PM
I have checked and found that authentication from PuTTY is OK, but only "sh run" authorization is given for this user ID. Is this the problem? Which commands should be authorized?
10-26-2010 10:39 PM
Yep, that's the most likely problem. You will need to authorize "show privilege level", "terminal length 0", "terminal width 0", "show running-config brief", "show running-config", and "show startup-config".
10-27-2010 04:27 AM
This is for a Cisco ASA firewall, where "show running-config" and "show startup-config". The device has been integrated with ACS, where privilege level 3 is given and only "show running-config" is permitted. With the same privilege level, switches are working properly. For the ASA, which other commands need to be permitted? Please suggest.
10-27-2010 08:31 AM
Hi Anupam,
For ASA you should also use pager line 0 / ter pager 0 in addition to the commands suggested by Joe.
Best regards // Rajiv
10-28-2010 07:08 AM
10-28-2010 08:18 AM
],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from Session.send('terminal width 0
')
[ Thu Oct 28 15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,in trimPrompt(), prompt == 'ASA-F1# '
[ Thu Oct 28 15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,printStackTrace,51,stacktracecom.cisco.nm.lib.cmdsvc.CmdSvcException: Unhandled SSHv2 message: SSH_MSG_CHANNEL_REQUEST(98)
Channel ID: UInt32[ 0 ]
Channel Request Type: exit-status
Want Reply: true
Timeout (msec): 0
Exit Status: UInt32[ 0 ]
What I deduce from this output is that maybe "ter width 0" is unauthorised for the user or is not supported by the particular code that you are currently running on the box.
Best Regards // Rajiv
10-28-2010 08:39 AM
This looks like CSCtg43958. What version of ASA OS is this?
10-28-2010 11:25 AM
Actually, on closer look, I think this is something else. Make sure the following commands are authorized:
conf t
terminal width 0
terminal no monitor
Here's the problem. The terminal width 0 command needs to be entered in config mode. Since it doesn't look like RME can enter config mode, terminal width 0 gets entered in enable mode, then RME calls "exit" to leave config mode. This triggers the session to exit. Once "conf t" is allowed, then config fetch should work.
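To find which command a device session died on in a dcmaservice.log like the excerpt posted above, the following added example (not code from the thread's participants or from Cisco) pairs each CmdSvcException with the last Session.send on the same thread. The record layout is inferred from the lines posted here, and the sample log, including its `terminal length 0` record, is constructed.

```python
import re

# Record header as seen in the posted excerpt (layout inferred, not a documented format):
# [ timestamp ],LEVEL,[Thread-N],class,method,line,message
RECORD = re.compile(r"^\[ [^\]]+ \],\w+,\[(?P<thread>[^\]]+)\],[^,]+,[^,]+,\d+,(?P<msg>.*)$")
SEND = re.compile(r"Session\.send\('(.*?)\s*'\)", re.DOTALL)  # command spans two lines
ERROR = re.compile(r"CmdSvcException: (.*)")

def records(log_text):
    """Yield (thread, message); lines without a header continue the previous record."""
    thread, msg = None, []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            if thread is not None:
                yield thread, "\n".join(msg)
            thread, msg = m["thread"], [m["msg"]]
        elif thread is not None:
            msg.append(line)
    if thread is not None:
        yield thread, "\n".join(msg)

def failed_commands(log_text):
    """Return (thread, last command sent, exception text) for each CmdSvcException."""
    last_sent, hits = {}, []
    for thread, msg in records(log_text):
        sent = SEND.search(msg)
        if sent:
            last_sent[thread] = sent.group(1)
        err = ERROR.search(msg)
        if err:
            hits.append((thread, last_sent.get(thread), err.group(1).strip()))
    return hits

# Constructed sample in the format of the excerpt posted in this thread.
SAMPLE = """\
[ Thu Oct 28 15:02:27 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from Session.send('terminal length 0
')
[ Thu Oct 28 15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from Session.send('terminal width 0
')
[ Thu Oct 28 15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,in trimPrompt(), prompt == 'ASA-F1# '
[ Thu Oct 28 15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,printStackTrace,51,stacktracecom.cisco.nm.lib.cmdsvc.CmdSvcException: Unhandled SSHv2 message: SSH_MSG_CHANNEL_REQUEST(98)
Channel ID: UInt32[ 0 ]
Channel Request Type: exit-status
"""

if __name__ == "__main__":
    for thread, command, error in failed_commands(SAMPLE):
        print(f"{thread}: session failed after {command!r}: {error}")
```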