NSO fails to sync from Juniper device

lizhenyu2000 · ‎04-20-2020

Hello,

I am trying to setup Cisco NSO Version 5.3 (latest from Cisco) to manage configuration on a Juniper SRX device. However, I am getting an error while trying to sync from the Juniper device:

sync-result {
    device my_juniper_exchange
    result false
    info my_juniper_exchange: invalid value for: authentication-algorithm in /ncs:devices/ncs:device[ncs:name='my_juniper_exchange']/ncs:config/junos:configuration/junos:security/junos:ipsec/junos:proposal[junos:name='esp-aes256-sha256-nopfs']/junos:authentication-algorithm: "hmac-sha-256-128" is an invalid value.
}

Here, NSO says that: junos:authentication-algorithm: "hmac-sha-256-128" is an invalid value.

However, in JunOS, hmac-sha-256-128 is a valid value for authentication algorithm.
Can someone help me fix this issue?

Here is how the device is created in NSO CLI (NCS):

admin@ncs(config)# devices device {device_name} address {device_ip_address} device-type netconf ned-id juniper-junos-nc-3.0
admin@ncs(config-device-jnpr-dev-srx)# state admin-state unlocked
admin@ncs(config-device-jnpr-dev-srx)# authgroup jnpr
admin@ncs(config-device-jnpr-dev-srx)# exit

marce1000 · ‎04-20-2020

- Cipher mismatch may be due to the NSO version being too low to support the intended platform (for instance); check if you have newer version(s) available.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

lizhenyu2000 · ‎04-20-2020

Hello,

Thanks for the reply.

I am using the NSO 5.3, which is the newest version from Cisco.

marce1000 · ‎04-20-2020

- Not sure the Juniper SRX is supported , it's not in this list :

https://community.cisco.com/t5/nso-developer-hub-documents/device-types-supported-by-cisco-nso-neds/ta-p/3641664

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !