11-29-2012 07:24 AM
Hi EveryBody
I am using Prime LMS 4.2.2 software to archive configuration for my cisco Network Device switch and firewall . All works fine except for two new Cisco ASA 5525 and ASA 5545 ( Software Version 8.6.1.2 ) . I have already checked credential , ssh access , snmp configuration and all seem correct. But Archive configuration job end with failure. This is the error message:
"
*** Device Details for ASAPCI-MI *** |
Protocol ==> Unknown / Not Applicable |
Selected Protocols with order ==> SSH,Telnet,TFTP,HTTPS,RCP |
Execution Result: |
RUNNING |
CM0151 PRIMARY RUNNING Config fetch failed for ASAPCI-MI Cause: Failed to fetch the configuration. Check the dcmaservice.log for details. TELNET: Failed to establish TELNET connection to 172.20.55.13 - Cause: connect timed out. |
PRIMARY-RUNNING config Fetch Operation failed for TFTP. |
Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required. Verify if firewall configuration permits traffic from LMS to the device and vice versa for the protocols configured in Admin > Collection Settings > Config > Config Transport Settings. |
"
I have also ols ASA model ( 5510 and 5505 ) and for these device Archive Configuration work well.
I have checked dcmaservice.log but I have not found anything useful. I attach this file if for someone is useful.
An help will be valued.
Best Regards
Marco Mazzoleni
12-17-2012 05:12 PM
I am having a similar problem. Looking at the dcmaservice.log of my server the LMS server is trying to connect to a different IP address on the firewall (the outside ip address which is a higher value than the inside ip address). the LMS server is not using the IP address that was configured when the device was added. Inventory and credentials checking works fine. How can I change it so that the RME module (or what ever is doing the config sync) uses the configured IP address and not one it selects based on some definition I cannot find?
Firewall rules are blocking access to the ASA IP address that RME picked, it needs to connect to the inside ip address.
I think this may be Marco's problem as well since his dcmaservice.log file shows that the LMS server is trying to connect to 192.168.1.1 instead of 172.20.55.13
as is shown in the job error message.
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide