I'd like to know what the built in threshold is for the CPU Temperature (not the ambient temperature) where the "show environment" command will start showing a warning or critical value. The reason for this is so that I can use the value on our monitoring system which is polling the values via SNMP. I can clearly see the ambient operating temperatures in the ASA product documentation but no-where does it define the normal operating ranges for the CPUs. In particular I'd like to know this information for 5515x, 5525x and 5545x models please.
... View more
Hi, I am running Nagios Core 4.0.7 on a Fedora Core test server and have a UCSC-C220-M4 running firmware 2.0(3e) on the CIMC. I've installed the Nagios UCS Plugin (0.9.3), ImcSdk-0.6.2 and UcsSdk-0.8.3. Unfortunately whenever I either run the autodiscover (having given the correct IP, credentials and connection type in the config) or use the libexec/plugin, they both fail and report back errors. Please see below - can anyone offer any suggestions on how to resolve this? Thanks in advance. Paul ************ Output from the IMCSDK test ************ [root@localhost ImcSdk-0.6.2]# python Python 2.7.8 (default, Nov 10 2014, 08:19:18) [GCC 4.9.2 20141101 (Red Hat 4.9.2-1)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import ImcSdk >>> ImcSdk.__version__ '0.6.2' >>> from ImcSdk import * >>> h=ImcHandle() >>> h.SetDumpXml() >>> h.Login('184.108.40.206,'******','*******') None ====> <?xml version="1.0" ?><aaaLogin inName="******" inPassword="******"/> None <==== <aaaLogin cookie="" response="yes" outCookie="1430804378/bd87081e-154f-154f-8007-ee44d202b884" outRefreshPeriod="600" outPriv="read-only" outSessionId="14" outVersion="2.0(3e)"> </aaaLogin> None ====> <?xml version="1.0" ?><configResolveDn cookie="1430804378/bd87081e-154f-154f-8007-ee44d202b884" dn="sys/rack-unit-1" inHierarchical="false"/> None <==== <configResolveDn cookie="1430804378/bd87081e-154f-154f-8007-ee44d202b884" response="yes" dn="sys/rack-unit-1"> <outConfig> <computeRackUnit dn="sys/rack-unit-1" adminPower="policy" availableMemory="65536" model="UCSC-C220-M4S" memorySpeed="1866" name="UCS C220 M4S" numOfAdaptors="1" numOfCores="16" numOfCoresEnabled="16" numOfCpus="2" numOfEthHostIfs="0" numOfFcHostIfs="0" numOfThreads="32" operPower="off" originalUuid="C7F87DE7-4293-4B78-8429-0B93CA807147" presence="equipped" serverId="1" serial="FCH1910V09E" totalMemory="65536" usrLbl="" uuid="C7F87DE7-4293-4B78-8429-0B93CA807147" vendor="Cisco Systems Inc" ></computeRackUnit></outConfig> </configResolveDn> None ====> <?xml version="1.0" ?><configResolveClass classId="networkElement" cookie="1430804378/bd87081e-154f-154f-8007-ee44d202b884" inHierarchical="false"/> None <==== <error cookie="" response="yes" errorCode="ERR-xml-parse-error" invocationResult="594" errorDescr="XML PARSING ERROR: no class named networkElement" /> None ====> <?xml version="1.0" ?><configResolveDn cookie="1430804378/bd87081e-154f-154f-8007-ee44d202b884" dn="sys" inHierarchical="false"/> None <==== <configResolveDn cookie="1430804378/bd87081e-154f-154f-8007-ee44d202b884" response="yes" dn="sys"> <outConfig> <topSystem dn="sys" address="220.127.116.11" currentTime="Tue May 5 05:39:44 2015 " localTime="Tue May 5 05:39:44 2015 UTC" timeZone="UTC" mode="stand-alone" name="C220-FCH1910xxxx" ></topSystem></outConfig> </configResolveDn> True ******* Output from the nagios plugin ********* ./cisco_ucs_nagios -H 18.104.22.168 -u ****** -p ****** --type dn -q sys/rack-unit-1 Error is of Type : UcsException Message >> [ErrorCode]: ERR-xml-parse-error[ErrorDescription]: XML PARSING ERROR: No such XML API method by name configResolveDns Error while trying to run the UCS Nagios monitoring service. Check for Nagios logs as it may help finding error details. ******* Output from autodiscovery ************* [root@localhost autodiscovery]# ./NagiosAutoDiscoveryUCS.py UCS host information csv file /usr/local/nagios/ucs/autodiscovery/UCSHostInfo.csv /usr/local/nagios/ucs/autodiscovery/NagiosAutoDiscoveryUCS.cfg File exists Removing the folder path : /usr/local/nagios/etc/cisco/ucsObjs Copying the payload to /usr/local/nagios/etc/cisco/ucsObjs ------------------------------------------------------------ Connecting to UCS - '22.214.171.124' with user '*****' and password 'xxxxxxxxxx' Connect using NoSsl as 'False', port as '443' and proxy as 'None' Error while trying to discover : 126.96.36.199 Error is of Type : Exception Message >> cannot concatenate 'str' and 'NoneType' objects Error while trying to auto discover UCS Infrastructure. Check if any of the UCS are reachable. [root@localhost autodiscovery]#
... View more
Hi Jouni, Correct, the tunnel is going over a different private wan link than the path (default route) going to the Internet over another interface. I'm not using any NAT at all in the configuration, no statics or dynamics (not required). I've simply used the example from the 8.4 configuration guide but I'll paste some sanitized configs on here later with packet traces. What I tend to find is, as soon as there is a default route on the firewall, the traffic which should match the crypto acl and be sent across the VPN is instead sent unencrypted via the default route. So the tunnel therefore never comes up. If I make the routes between the Asa's the default route temporarily, then the traffic matches the crypto map, tunnel comes up and traverses ok. If I remove the default routes altogether then the ASA cannot find an egress interface and drops the traffic. I'll paste more info and exact messages in a few hours. Thanks for your reply. Paul Sent from Cisco Technical Support iPhone App
... View more
Hi, I'm setting up a simple LAN to LAN IKEv1 VPN between a couple of ASA 5510s. Using the sample config published in the 8.4 configuration guide I am able to establish a VPN tunnel between the sites, but ONLY if the the default gateway is set on each of the ASAs via the path the tunnel will be taking. It doesn't work if I set static routes on the ASAs which include the peer ASA's outside IP address (I've even tried adding the remote site IP ranges as static routes pointing at the gateway towards the opposite site to see if that would help). Its a strange one as I wouldn't have expected this behavior. I am not using NAT (or NAT exempt) as I do not believe this should be required with this version of ASA. I've seen another posting on the forums which seems to be the same issue but their solution seemed to be use a nat exempt to give the ASA the correct egress interface - I've tried the same and it hasn't worked, plus that sounds like it would have been a workaround at best. FYI - A default route will be used in this system but not between the two sites, hence why I cannot leave it set for the intersite link to get this working. Any ideas please? Thanks Paul
... View more