I am facing a problem in CiscoWorks fetching the config archive from a Cisco ASA-5510 Adaptive Security Appliance. I am using LMS 3.2 and RME 4.3.1.
SSH is enabled on the device, and from the LMS server I am able to connect through PuTTY. Also, from Management Station to Device it shows SSH is up for both versions. But from RME it is failing. It gives the error below:
|Device: COGINHYDGCBDFHRTF1 Status: Failed|
I have tried telnetting to port 22 from the LMS server; it gives the output below: SSH-1.99-Cisco-1.25
When I tried to test the device credentials for SSH and SSH Enable mode, I got the output below. The SSH status remains blank.
|Device Name||SSH||Enable |
|1.||COGINHYDGCBDFHRTF1||Did Not Try|
Please help to resolve this.
The problem is that RME cannot enter enable mode on the ASA. Check the enable password in DCR for this device. Make sure you can log in to the ASA using SSH with the username/password and enable password combination found in DCR. If in doubt, re-enter the credentials in DCR.
As I have described, I am able to log in properly with the same credentials from the LMS server with PuTTY, but from LMS it is not happening. Rather, when I check the device credentials for SSH, it shows the output I mentioned in my earlier post. It seems LMS is not trying to log in for some reason.
According to the output you've shown thus far, it appears there isn't any enable password entered in DCR for this device. Go to Common Services > Device and Credentials > Device Management, select this device, and click Edit Credentials. Re-enter the correct enable password. Then see if the config archive works. If not, enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, re-run the sync archive, then post the dcmaservice.log.
I have checked and found that authentication from PuTTY is OK, but only "sh run" authorization is given for this user ID. Is this the problem? Which commands should be authorized?
Yep, that's the most likely problem. You will need to authorize "show privilege level", "terminal length 0", "terminal width 0", "show running-config brief", "show running-config", and "show startup-config".
This is for a Cisco ASA firewall, where "show running-config" and "show startup-config". The device has been integrated with ACS, where privilege level 3 is given and only "show running-config" is permitted. With the same privilege level, switches are working properly. For the ASA, what other commands need to be permitted? Please suggest.