cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3513
Views
0
Helpful
10
Replies

Prime 3.9 | Collect running image from device | Failure

AG engineer
Level 1
Level 1

Good day.

I am trying to get an image from the Cisco ASA and I get an error. Please tell me what could be the problem.

error text:

 

PI_SWIM_20012:Image Collection has not succeeded from device.

 

Starting copy image from 2967972 using FTP. 2967972HANDLER_ERROR[swim_copyImageFromDevice_asav]imageCopier.xpa/ftpCopier/ftpCopier.par@Rule0/HandlerChain/Handler2Failed to match expected device output due to expect timeout, current expect timeout 60000ms, expect time 60000ms, minimal matching length 0.Current output : $.SPA ftp://ftp-user:dZqMsUsJkhEUbPx@10.140.60.88/asa982-lfbff-k8.SPACurrent expects : copy disk0:/asa982-lfbff-k8\.SPA ftp://ftp-user:dZqMsUsJkhEUbPx@10\.140\.60\.88/asa982-lfbff-k8\.SPAERROR_TIMEOUTechoExpectErrorcopy disk0:/asa982-lfbff-k8.SPA ftp://ftp-user:dZqMsUsJkhEUbPm@10.140.60.88/asa982-lfbff-k8.SPA110.140.50.60% Access denied% Bad passwords% Login invalid% Authentication failed% Bad secretsAccess denied($1)\\([^\\)]+\\)($2)\\s*\\z(.*)([#>])\s*\z120ALWAYS****true****zhhhassword[:\s]*\z22terminal pager 0[\(\)\d\w\{\}.]\s?[#>\$]\s*\ztruessh2ogin[:\s]*\zame[:\s]*\zUser[:\s]*\z<null><null>2967972296797260000Adaptive Security Appliance9.8(2)
 
But if I SSH into the Cisco ASA and run the command:
copy disk0:/asa982-lfbff-k8.SPA ftp://ftp-user:dZqMsUsJkhEUbPx@10.140.60.88/asa982-lfbff-k8.SPA
As a result, I will get
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 108563072 bytes copied in 15.410 secs (7237538 bytes/sec)
Below I am attaching a log for additional information.
 
Thanks for the help!
10 Replies 10

AG engineer
Level 1
Level 1

Please tell me who has this functionality earned?

I tried Cisco ASA 5515-X, Cisco ASA 5525-X, Cisco ASA 5508-X. Nothing comes out =\

marce1000
VIP
VIP

 

 - Ref : https://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/prime/infrastructure/3-9/supported/devices/PI39-Supported-Device-List.xlsx

            Lookup your ASA-model , take note of the minimum software version needed , to be compatible with Prime.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thanks a good idea!
But I already checked it, if I understand correctly the function should be supported.

Screenshot in attachment

I used SNMP Walk to find confirmation of a supported model

Query output:
.1.3.6.1.2.1.1.2.0 = OID: 1.3.6.1.4.1.9.1.2120

Which matches the supported model (Screenshot in attachment)

 

AG engineer
Level 1
Level 1

I spent a lot of time trying different settings. RSA SSH encryption algorithms.

All in vain.

But in the end, I see it in the ASA message log:

SSH session from 10.140.60.88 on interface ASA-RTR for user "*****" disconnected by SSH server, reason: "Internal error" (0x00)

User logged out: Uname: zhhh

 

   - Try to regenerate the ssh-key (on the ASA) and or reboot it , check if that helps.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Yes, I tried to do this, changed the length of the key, now left 512, tried to reboot the result did not work.

crypto key zeroize rsa default
crypto key generate rsa modulus 512

I set up a telnet, tried it through it, there is no result.

 

I swear at this whole situation, the situation is upsetting. And what other interesting difficulties this product will give, if at the very beginning it is so.

 

 - Check current software version on the ASA, use(/upgrade)  an advisory release (if applicable), check if the problems remain.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

It's just awful.
PRIME does not give recommendations for images on ASA.

I just updated to the latest "Interim" image.

Then everything broke down.

When I tried to sync, I got an error. The search for a solution yielded nothing. And when you try to remove the device and add it again. PRIME refused to do it. The search for a solution to the problem showed that only TAС can help in such a situation.

Fortunately for me, I rolled the image back, synchronized, and the device was admitted without any problems. This whole situation is one big pain. Prima and ASA is a pain!

 

P.S. Error text when trying to remove the device:

Please check the following logs for failure reason: ifm_inventory.log,inventory.log, existenceInventory.log,persistence.log under /opt/CSCOlumos/logs Directory.

 

      >...PRIME does not give recommendations for images on ASA.

 You could have a lookup on that 'manually' by inputting your particular asa model (name) in :

                      https://software.cisco.com/download/home

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Yes, I downloaded the current "Interim" image.
And after the update, I got a lot of problems on the PRIME, I can not delete the device, etc.

I had to roll back to the previous version.

I came to the conclusion that PRIME and ASA two entirely different camps, I excluded them from Prima monitoring. I will try SolarWinds to monitor ALL network devices.

Review Cisco Networking for a $25 gift card