Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
987
Views
0
Helpful
3
Replies

AUS auto populate device seems not to work.

Go to solution
jkeeffe
Level 2
Level 2

‎02-11-2011 08:26 AM - edited ‎02-21-2020 04:14 AM

I'm running CSM 4.0.1 and followed the instructions on how to use CSM to update an ASA5540 filewall through AUS. I created a policy in CSM with the AUS IP address and credentials and chose 'Device' to deploy to.

On page 1-3 of "Getting Started with AUS" it states: When you use Security Manager to deploy configurations to a device through AUS, the device is automatically added to the AUS inventory after the device successfully contacts AUS and retrieces the configuration. This is the normal method for adding devices."

The AUS fails the attempt with this error message:

CALLHOME-DB-DEVICE_NOT_FOUND: Record for device with ID Remote-ASA-1 could not be found. Action: Please ensure the device was added to the AUS and that the device config contains the correct device ID.

And the ASA device (8.4.1) with debug turned on, displays this error msg:

Remote-ASA-1# Auto-update client: Sent DeviceDetails to /autoupdate/AutoUpdateServlet of server 164.72.44.162
Auto-update client: Processing UpdateInfo from server 164.72.44.162
Auto-update client: Failed to contact: https://164.72.44.162/autoupdate/AutoUpdateServlet, reason: ErrorList error code: CALLHOME-DB-DEVICE_NOT_FOUND, description: Record for device with ID Remote-ASA-1 could not be found.

It's complaining the the device ID is not found. But the hostname of the ASA is the same as the device ID in CSM.

Is there something I'm missing or not doing for this to work?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stefano De Crescenzo
Cisco Employee
Cisco Employee

‎02-11-2011 10:51 AM

Hello Jeff,

there are few things to make the AUS work, let's try to list it and make sure we have everything in place.

1- we need to configure the device for AUS. Let do it via CSM:

in the Device View select your firewall and configure your AUS server via

Device Admin ->Server Access->AUS

The ip address will be the same as CSM and credential the same you use to login in the CSM Server

2- deploy to the ASA to make sure it has teh AUS config. The config deployed should look like:

auto-update device-id hostname
auto-update server https://*@/autoupdate/AutoUpdateServlet source

3- make sure that the hostname of the device is THE SAME as the display name in CSM (you can check that by right clicking on the device and click on device properties)

4- we are now ready to setup the AUS server. Right click on the device and select Device Properties. In the Autoupdate section (at the bottom)

complete the fields by putting all the needed info. The server name and ip address should be the same as the CSM (AUS is running on the same server)

and the credentials are the same used to login in the CSM gui and used at point 1

5- Once this is setup, you are ready for the first deployment. It is important to deploy just after because the CSM needs to create the right configuration file on the AUS server. After the first deployment you should be able to see the device listed in the AUS portal (under devices)

Let me know if it worked.


Stefano

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Stefano De Crescenzo
Cisco Employee
Cisco Employee

‎02-11-2011 10:51 AM

Hello Jeff,

there are few things to make the AUS work, let's try to list it and make sure we have everything in place.

1- we need to configure the device for AUS. Let do it via CSM:

in the Device View select your firewall and configure your AUS server via

Device Admin ->Server Access->AUS

The ip address will be the same as CSM and credential the same you use to login in the CSM Server

2- deploy to the ASA to make sure it has teh AUS config. The config deployed should look like:

auto-update device-id hostname
auto-update server https://*@/autoupdate/AutoUpdateServlet source

3- make sure that the hostname of the device is THE SAME as the display name in CSM (you can check that by right clicking on the device and click on device properties)

4- we are now ready to setup the AUS server. Right click on the device and select Device Properties. In the Autoupdate section (at the bottom)

complete the fields by putting all the needed info. The server name and ip address should be the same as the CSM (AUS is running on the same server)

and the credentials are the same used to login in the CSM gui and used at point 1

5- Once this is setup, you are ready for the first deployment. It is important to deploy just after because the CSM needs to create the right configuration file on the AUS server. After the first deployment you should be able to see the device listed in the AUS portal (under devices)

Let me know if it worked.


Stefano

0 Helpful

Go to solution
jkeeffe
Level 2
Level 2
In response to Stefano De Crescenzo

‎02-11-2011 03:06 PM

Well done Stefano!  Your explanation worked very vell.

After following your suggestions - which worked - I went into CSM and AUS and deleted the device. I wanted to find out why your suggestion worked, but mine didn't. The only difference between the two is you have a Device/AUS policy, where I had a shared AUS policy.

I cleared out the AUS auto commands in the ASA, and rediscovered the device in CSM.  Then I applied the shared AUS policy to the device and deployed it. I eneded up with a failure again on the ASA where debug showed that the device ID didn't match and AUS said no such device. I then cleared everything out and followed your plan - and it worked. Then I followed my plan again and it broke.

So it seems there's a bug in the AUS policy, when it is a shared policy, where it messes uf the Device ID somehow.

Thanks again for your help.

0 Helpful

Go to solution
Stefano De Crescenzo
Cisco Employee
Cisco Employee
In response to jkeeffe

‎02-11-2011 11:04 PM

Hi Jeff,

I am glad that it worked

I could not try it, but if you feel that there might be some defect in the CSM-AUS integration feel free to open a case so the engineer can troubleshoot it further and if necessary open a DDTS We are always looking forward to fix/improve the products.

Have a nice weekend

Stefano

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card