save PIX configuration via the outside interface

s.fasel
Level 1

Hi,

I would like to save a PIX525 configuration via the "outside" interface with ssh.

I have Ciscoworks LMS 2.2 (Module RME 3.5, with IDU 10.0) to do this automatically.

To save PIX configuration via the "outside" interface I must use "ssh" or "ipsec". With RME, we can only use ssh (SSH-1.5-CMF).

I have tried to save the configuration with the ssh of RME but the connection stops with an error. The init and the authentication of the ssh session are ok, but when Ciscoworks wants to save the configuration, this message appears:

« crc comparison failed »

I have debugged the traffic on the PIX:

1: SSH: Device opened successfully.

2: SSH: host key initialised

3: SSH0: SSH client: IP = '*******' interface # = 0

4: SSH0: starting SSH control process

5: SSH0: Exchanging versions - SSH-1.5-Cisco-1.25

6: SSH0: send SSH message: outdata is NULL

7: SSH0: receive SSH message: 83 (83)

8: SSH0: client version is - SSH-1.5-CMF

9: SSH0: begin server key generation

10: SSH0: complete server key generation, elapsed time = 240 ms

11: SSH0: declare what cipher(s) we support: 0x00 0x00 0x00 0x04

12: SSH0: send SSH message: SSH_SMSG_PUBLIC_KEY (2)

13: SSH0: SSH_SMSG_PUBLIC_KEY message sent

14: SSH0: receive SSH message: SSH_CMSG_SESSION_KEY (3)

15: SSH0: SSH_CMSG_SESSION_KEY message received - msg type 0x03, length 112

16: SSH0: client requests DES cipher: 2

17: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)

18: SSH0: keys exchanged and encryption on

19: SSH0: receive SSH message: SSH_CMSG_USER (4)

20: SSH0: authentication request for userid ******

21: SSH(******): user authen method is 'use AAA', aaa server group ID = 5

22: SSH0: send SSH message: SSH_SMSG_FAILURE (15)

23: SSH0: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)

24: SSH(******): starting user authentication request, and waiting for reply from AAA server

25: SSH(******): user '********' is authenticated

26: SSH(******): user authentication request completed

27: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)

28: SSH0: authentication successful for *******

29: SSH0: receive SSH message: SSH_CMSG_REQUEST_PTY (10)

30: SSH0: send SSH message: SSH_SMSG_SUCCESS (14)

31: SSH0: receive SSH message: SSH_CMSG_EXEC_SHELL (12)

32: SSH0: starting exec shell

33: SSH0: crc comparison failed - client 0xfc875863 host 0xad20ea70

34: SSH0: receive SSH message: [no message ID: variable *data is NULL]

35: SSH0: send SSH message: SSH_MSG_DISCONNECT (1)

36: SSH0: Session disconnected by SSH server - error 0x02 "packet CRC check failed"

I have searched the Cisco web site for information about « crc comparison failed » but I found nothing.

Does anybody know this problem? Or does anybody know another method to save the PIX configuration via the outside interface with Ciscoworks RME?

For your information: PIX 525 with Cisco PIX Firewall Version 6.3(3)

(ssh version 1)

Thank you for your help

3 Replies

sachinraja
Level 9

hi fasel,

Are you able to do a normal SSH from an SSH client on the LMS desktop? Try to isolate the issue between the PIX and the LMS. If you are able to do a normal SSH, then we need to see the config of the LMS; otherwise we need to concentrate on the PIX side.

Do let us know.

Raj

I have found the problem. The problem was in the LMS configuration. The ssh connection works correctly, but when the LMS connected to the PIX, it was not in "enable mode", so it could not save the configuration of the PIX. I have modified the "device attributes" of the PIX in the inventory of the LMS. And now it works.

Thank you for your help

Best Regards

Sam

Hi Sam,

Cool. Please mark the case as solved, which might be helpful to others. Rate replies if you found them useful.

Raj
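As an added example (not part of the thread and not Cisco code), the following Python sketch reads a PIX SSH debug trace in the format posted above and reports which session stages were reached before the server disconnected. The names `summarize`, `STAGES`, `CIPHER` and `DISCONNECT` are hypothetical, and the sample is an excerpt of the trace from the first post.

```python
import re

# Excerpt of the trace in the first post (values as shown there).
SAMPLE = """\
8: SSH0: client version is - SSH-1.5-CMF
16: SSH0: client requests DES cipher: 2
18: SSH0: keys exchanged and encryption on
28: SSH0: authentication successful for *******
32: SSH0: starting exec shell
33: SSH0: crc comparison failed - client 0xfc875863 host 0xad20ea70
36: SSH0: Session disconnected by SSH server - error 0x02 "packet CRC check failed"
"""

# Session milestones, in the order they appear in the trace.
STAGES = [
    ("version_exchange", re.compile(r"client version is - (\S+)")),
    ("key_exchange", re.compile(r"keys exchanged and encryption on")),
    ("authentication", re.compile(r"authentication successful")),
    ("exec_shell", re.compile(r"starting exec shell")),
]
CIPHER = re.compile(r"client requests (\S+) cipher")
DISCONNECT = re.compile(r'disconnected by SSH server - error (0x[0-9a-fA-F]+) "([^"]*)"')


def summarize(trace):
    """Report which stages a session reached and where it was disconnected."""
    out = {"stages": [], "client_version": None, "cipher": None,
           "error": None, "reason": None, "failed_after": None}
    for line in trace.splitlines():
        for name, pattern in STAGES:
            m = pattern.search(line)
            if m and name not in out["stages"]:
                out["stages"].append(name)
                if name == "version_exchange":
                    out["client_version"] = m.group(1)
        m = CIPHER.search(line)
        if m:
            out["cipher"] = m.group(1)
        m = DISCONNECT.search(line)
        if m:
            out["error"], out["reason"] = m.groups()
            # The last milestone seen before the disconnect localizes the failure.
            out["failed_after"] = out["stages"][-1] if out["stages"] else None
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

For the posted trace the disconnect comes after the shell stage, that is, after key exchange and authentication had already succeeded.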
