cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1337
Views
0
Helpful
1
Replies

Prime LMS 4.2.2

marco.mazzoleni
Level 1
Level 1

Hi EveryBody

I am using Prime LMS 4.2.2 software to archive configuration for my cisco Network Device  switch and firewall . All works fine   except for  two new Cisco ASA 5525 and ASA 5545 ( Software Version 8.6.1.2 ) . I have already checked credential , ssh access , snmp configuration and all seem correct.   But Archive configuration job end with failure. This is the error message:

"

*** Device Details for ASAPCI-MI ***
Protocol ==> Unknown / Not Applicable
Selected Protocols with order ==> SSH,Telnet,TFTP,HTTPS,RCP
Execution Result:
RUNNING
CM0151 PRIMARY RUNNING Config fetch failed for ASAPCI-MI Cause: Failed to fetch the configuration. Check the dcmaservice.log for details. TELNET: Failed to establish TELNET connection to 172.20.55.13 - Cause: connect timed out.
PRIMARY-RUNNING config Fetch Operation failed for TFTP.
Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required. Verify if firewall configuration permits traffic from LMS to the device and vice versa for the protocols configured in Admin > Collection Settings > Config > Config Transport Settings.

"

I have also ols ASA model ( 5510 and 5505 ) and for these device Archive Configuration work well.

I have checked dcmaservice.log but I have not found anything useful. I attach this file if for someone is useful.

An help will be valued.

Best Regards

Marco Mazzoleni

1 Reply 1

bmcgloth
Cisco Employee
Cisco Employee

I am having a similar problem.  Looking at the dcmaservice.log of my server the LMS server is trying to connect to a different IP address on the firewall (the outside ip address which is a higher value than the inside ip address).  the LMS server is not using the IP address that was configured when the device was added.  Inventory and credentials checking works fine.  How can I change it so that the RME module (or what ever is doing the config sync) uses the configured IP address and not one it selects based on some definition I cannot find?

Firewall rules are blocking access to the ASA IP address that RME picked, it needs to connect to the inside ip address.

I think this may be Marco's problem as well since his dcmaservice.log file shows that the LMS server is trying to connect to 192.168.1.1 instead of 172.20.55.13

as is shown in the job error message.

Thank you.

Review Cisco Networking for a $25 gift card