CiscoWorks LMS 4.0.1 and ASA 5540

I've added an ASA-5540 to the group of systems I backup each night. When the admin logs into the ASA in the morning, he sees the "save configuration" flag has been set. This started the same day CiscoWorks saved teh configuration. What is CiscoWorks doing to set this flag, and how do I stop it? It should only be reading the configuration. Thanks.

Ideally LMS should not save configuration only when LMS is taking the backup of configuration. This can be easily tested, if you try to run an instant job for Configuration Archive under Configuration > Sync Archive and see it on the ASA if it shows "save configuration" flag set.
It should be something else on either LMS or somewhere outside. In LMS it could be something like a NetConfig Job which may save configuration or other options like deploy configuration, which is very unlikely.
Before we stop it, we need to test and confirm, it is actually LMS,. You can also try to suspend the device once from LMS to see if next day you still see similar flag set.
Once we confirm it is LMS, we can test which action of LMS is doing it and how to prevent.
-Thanks
Vinod
** Encourage Contributors. RATE them**

Similar Messages

CiscoWorks LMS 4.0.1 and devices other than Cisco.

Hello.
Can I use some CiscoWorks LMS functions like config management, topology, with devices other than Cisco?
Thanks.
Andrea

No, RME, Campus and DFM are still hardcoded to restrict to cisco devices.
HUM and IPSLA are more open.
The functionality from the HUM will allow you to monitor availablilty, interfaces and you can add OID's yourself.
IPSLA can use non cisco devices as a target for their tests.
Cheers,
Michel

Ciscoworks LMS 4.0.1 and 3850 switch support

HI, I want to know if 3850 switch is supported in ciscoworks LMS 4.0.1, I added the devices, inventory collections successful but devices icon is blue with question mark "?" and config sync fails always.
I tried to download the packages to install it but I couldn't find it.
thanks fo help

Yes LMS 4.2 needs a new license. You can probably check once if your LMS 4.0.1 license allows you a free upgrade.
Many old LMS 4.0.1 were offered free Cisco Prime Infrastructure 1.x, which has LMS 4.2 available with.
You can check the contract covering your LMS 4.0 on Product upgrade tool :
http://tools.cisco.com/gct/Upgrade/jsp/productUpgrade.jsp
-Thanks
Vinod
**Rating Encourages contributors, and its really free. **

CiscoWorks LMS 3.1: HUM and Web access issue...

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Hi there,
I would like to seek your counsel with regards to the recent incident that we encountered with our CiscoWorks LMS 3.1 running on Solaris 10.
A few days ago, we received a few complains from our users that they were unable to view the pollers or contents of the TOP-N <CPU | Memory | Interface> Utilization on the HUM’s home page (see attached file, hum_homepage.jpg).
We (tech support guys) checked the pollers’ status and they’re all Active (see attached file, pollers.jpg); we notified our Administrators and requested for a copy of the HUMPortal.log (see attached file, humportal.zip).
The following day, while waiting for the HUMPortal.log, we received reports that users accessing the HUM home page are stuck with the message “loading…” on all TOP-N Utilization reports.
As we were about to re-queue our request from our administrators, we received reports (a few hours ago) that our CiscoWorks LMS is inaccessible via web browser.
We alerted our administrators and they attempted to restart the Daemon Manager (/etc/init.d/dmgmtd); they were able to successfully shut it down but took several attempts to start it up.
As they attempt to start up the Daemon Manager, they encountered the following error message:
# /etc/init.d/dmgtd start
Error: Daemon Management could not start. Trying again
Error: Unable to bind to port, please check port (42340) state and permissions.
Error: If the port is in use, please try starting Daemon Manager once it become free.
After several minutes passed, they were able to start up the Daemon Manager successfully although the CiscoWorks LMS is still inaccessible via web browser.
We requested for a copy of the “pdshow –brief” log and every daemon (as far as I know) seemed to be working fine but it never hurts to ask for help to verify my findings (see attached file, pdshow0818a.log).
As of the moment of this writing, we are still unable to access CiscoWorks LMS via web browser; any insight or suggestion on the next step to take in troubleshooting and eventually solving this problem is very much appreciated.

The port 42340 issue is most likley not related to the HUM issue you described. The latest log entry you provided indicates "Possible reasons for 'No Data' in HUM Portlets could be either Poller is not configured, or Poller is deactivated, or Poller Failure has occurred, or Summarization job did not start." The error is repeated back to the beginning of the file dated Aug 14 16:39.
To focus on the HUM issue:
Did any change occur on or around the 14th that you are aware of?
Please provide some additional debugs:
1. Please enable debug for "UPMProcess"
Log files are stored here: #/var/adm/CSCOpx/log/#
- HUMPortal.log
- upm_summarization.log
- jrm.log
- upm_process.log
2. To set log levels:
*Health and Utilization Monitor > Admin > System Preferences*.
- Select Log Level Settings.
- Select the application module from the drop-down list.
- Select the Debug log level from the Logging Level drop-down list.
Thanks,
Nick

LMS 4.2.3 and ASA SNMP v3 not working

I have ASA running version 8.2.5 and using snmp v3 as below;
snmp-server group Authentication&Encryption v3 priv
snmp-server user SNMP_TEST Authentication&Encryption v3 encrypted auth md5 cisco123 priv aes 128 password123
snmp-server host IN 10.10.10.110 version 3 SNMP_TEST
LMS device credential is as per above SNMPv3 config
Can't get this to work. Digging aroung but no avail. Any help is appreciated. I also try this on ASA 9.1 but same result.
This is my LAB environment.
Thanks. TS-Support

Thank you for your reply.
I can manually poll using SNMP v3 with the credentials (user, auth and priv).
I have other devices switches and routers also using SNMPv3 and was able to see the device using chassisview.
Since this is a LAB environment for now, I manually added each of these devices. See below; (ASA-VPN) is the device in question. Already tried increasing snmp timeout to 30 secs still no luck.
As you said I try to export using CSV and was successful;
10.10.1.50,10.10.1.50,,,10.10.1.50,1.3.6.1.4.1.9.1.950,0,281231715,CheckThisForSnmpset,,,,SNMP_TEST,cisco123,MD5,password123,AES128,80:0:0:9:3:0:c:85:25:1d:e2:1,,,,,,,,,,,,,,,,
10.10.10.254,10.10.10.254,,,10.10.10.254,1.3.6.1.4.1.9.1.576,0,279120799,,,,,SNMP_TEST,cisco123,MD5,password123,AES128,80:0:0:9:3:0:10:8c:cf:e6:f4:f8,,,,,,,,,,,,,,,,
10.10.100.88,vWLC,,,vWLC,1.3.6.1.4.1.9.1.1631,0,UNKNOWN,,,cisco321,cisco123,,,,,,,,,cisco,!NeverSl33p#,!NeverSl33p#,,,,,,,,,,,
10.10.10.15,ASA-VPN,,,ASA-VPN,1.3.6.1.4.1.9.1.669,0,999990413,,,cisco123,cisco123,SNMP_TEST,cisco123,MD5,password123,AES128,,,,cisco,cisco,cisco,,,,,,,,,,,
;End of CSV file
Thanks.

CiscoWorks LMS 4.0.1 and user tracking utility 2.0.

Hello.
We are using UTU 2.0 on more computers. For one of these we are unable to obtain results from search.
How can I debug UTU?
Thanks.
Regards.
Andrea

UTU uses the same ports as a browser would to connect to LMS. 1741 and 443 depending on what is configured on the LMS side.
You should test from that computer if the used port is open .
Cheers,
Michel

Ciscoworks LMS RME / ASA Firewall configuration pre-shared key savings

Does anybody know the concept about saving pre-shared by Ciscoworks LMS /RME ?
Is there a way to get the unencrypted values from Ciscoworks LMS /RME for an ASA Firewall ?
ASA config. saved with RME
pre-shared-key *
ASA config. saved to TFTP from ASA
pre-shared-key 1ZdmaKVwEkQ66nD37d9kA9fj9z75

If you enable "shadow directory" (RME - Admin - Config Mgmt - Archive Mgmt - Archive Settings), you can find the raw configs in locations such as /var/adm/CSCOpx/files/rme/dcma/shadow/Security_and_VPN/PRIMARY on Solaris, or its Windows equivalent, after one requisite cycle of Periodic Polling and/or Periodic Collection. That's the same config one'd get saving to TFTP manually.
However, I don't recall how to unscramble the "asterisks" in the RME GUI, if at all possible.

CiscoWorks LMS cannot add PIX/ASA in software repository

Hi,
I can see that LMS in RME Software Management cannot add PIX/ASA software saying not supported.
Any configuration issues.
I have got another problem. CiscoWorks LMS need to download IOS on cisco router, the process fails in RME Software Mgt. But the LMS is nated when it goes through the router.
i guess the script does not know the natted ip when running it on the router. If there is a way that I can specify the natted IP of the LMS. Fortunately, it is a nated static IP.
Thanks,
Ashley

Hi Joseph,
It is working fine. My mistake, issue with TFTP source interface.
However, I had got a small issue.
I have got a cisco router which RME accesses with ip natted ip, which you have indicated and It is working fine with RME. RME can manage the router perfectly.
However, DFM is leaving this router in questioned mode. So, the SNMP Credentials must be ok since it is good with RME.
Do I have to specify the Natted DFM ip as well for this router? Or something else must be done.

ASA 5505 + ASA 5540 static VPN, ssh and rdp problems

Greetings!
I've recentely set up a VPN between Cisco ASA 5540(8.4) ana 5505(8.3).
Everything works fine, but there is a small problem that is really annoying me.
From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
What can I do to get rid of this problem?
Thanks in advance.

Dear Fedor,
You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
class-map TCP_TIMEOUT
      match access-list rdp_ssh
policy-map global_policy
     class TCP_TIMEOUT
          set connection timeout idle 0:30:00
          set connection timeout half 0:30:00
* Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
Let me know.
Portu.
Please rate any post you find useful.

CISCOWORKS LMS and CISCOSECURE ACS Authenticate any user with HD role

Hi:
We are using CiscoSecure for authentication and authorization for differente apps.
Specifically, any user already in the ACS database is authenticated to log in CiscoWorks LMS, with HD role (this happens although none of the CiscoWorks apps have been checked for this group).
Why is this happening?
We don´t want that any user (although they are only permitted the HD role) could login.
Thanks a lot
Julio

Follow the ACS integration guide to ensure the group you don't want to have access to LMS have the roles set to "NONE" instead of the default HD roles.
http://www.cisco.com/en/US/partner/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html

User tracking not finding any hosts in Ciscoworks LMS 3.1

L.S.
Our test-configuration is as follows:
Application versions:
Ciscoworks LMS 3.1
Ciscoworks Common Services 3.2.0
Campus Manager 5.1.4
We have 31 managed devices in Campus Manager (data has been collected on all),
Edit: All of them show up green in the topology window.
The device are: 2 6509 cores (running IOS s72033_rp-IPSERVICESK9_WAN-M version 12.2(18)SXF8), 1 ASA firewall (running ASA-OS version 8.0.5) and 29 switches (2960 and 3560 models both running ios version 12.2(52)SE). The switches are connected as follows:
User tracking jobs are running normally, but aren't finding any end-hosts or IP phones at all (I suspect around 250-500 hosts+ on these switches)
We are running SNMP v3 on the switches and have added the following configuration items to all the switches:
snmp-server group readonly v3 auth context vlan-1
<repeat for all present snmp-contexts as shown in show snmp context output>
snmp-server group readonly v3 auth context vlan-83
Debugging is enabled in CM->Admin->Debugging Options->User Tracking Server
This is the UT.log file of the last major acquisition:
messages will remian logged to file: D:\PROGRA~1\CSCOpx\log\ut.log
2010/01/13 14:00:01 main MESSAGE ProcessInitializer: Properties will be read from D:\PROGRA~1\CSCOpx\campus\etc\cwsi\ut.properties
I= 0value *.*.*.*
I= 1value 6
I= 2value 1
2010/01/13 14:00:01 main MESSAGE DBConnection: Created new Database connection [hashCode = 10969598]
PartialOrderNode tree dump: time base = VMPSMajor
<root>
    VMPSMajor: <root>
    VMPSMajor:     VMPSMajor.GetXMLData
    VMPSMajor:         VMPSMajor.PingSweep
    VMPSMajor:         VMPSMajor.PopulateFromDCR
    VMPSMajor:             VMPSMajor.GetPortStatus
    VMPSMajor:                 VMPSMajor.GetBridgeTable
    VMPSMajor:             VMPSMajor.Sweep
    VMPSMajor:                 VMPSMajor.GetIpXlateTable
    VMPSMajor:                 VMPSMajor.GetIpv6XlateTable
    VMPSMajor:                     VMPSMajor.GenerateTable6
    VMPSMajor:                         VMPSMajor.GenerateTable
SMFunction evaluation order: time base = VMPSMajor
VMPSMajor.GetXMLData Major
VMPSMajor.PingSweep Minor
VMPSMajor.PopulateFromDCR Major
VMPSMajor.GetPortStatus Minor
VMPSMajor.Sweep Major
VMPSMajor.GetBridgeTable Minor
VMPSMajor.GetIpXlateTable Minor
VMPSMajor.GetIpv6XlateTable Minor
VMPSMajor.GenerateTable6 Major
VMPSMajor.GenerateTable Major
Time base VMPSMajor has 5 major nodes and 3 minor traversals.
log4j:ERROR No appenders could be found for category (CTM.common).
log4j:ERROR Please initialize the log4j system properly.
In classlist loader
In classlist loader processing sub classes
updation done
In classlist loader completed
2010/01/13 14:00:03 main MESSAGE DBConnection: Created new Database connection [hashCode = 12524859]
Calling default
Subnet to SubnetData Map Size :73
2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 12524859]
2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 10969598]
2010/01/13 14:04:50 main MESSAGE DCRDevWrapper: Closing DCRProxy
I'm slowly getting to a dead end here. What am I missing?

Well, our problem was resolved finally through a weird coincendence after having a websession with a Cisco TAC engineer (TAC case SR 613376661)
We changed the
snmp-server group readonly v3 auth context vlan-xxxx
commands in the switches to:
snmp-server group writeonly v3 auth context vlan-xxxx
that is: use the writestring in the snmp-server groups instead of the read string.
After we changed that, all of the User Tracking mysteriously started working.
As far as I know, the writestring should not be needed, but apparently it is....
Is there any explanation for this?

Ciscoworks LMS 4.2.2 keeps sending icmp to a specific IP

Hi All,
I got the following logs from the syslog server. My Ciscoworks LMS 4.2.2 (IP 10.26.73.1) keeps sending icmp to 128.100.3.221 and generated tons of logs. I checked the Ciscoworks but couldn't locate the IP of 128.100.3.221. Please help me stop the ICMP on the Ciscoworks. Thanks in advance.
1                            2013/06/18 15:12:33.839 EDT            10.26.0.9               Jun 18 2013 15:12:31: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
2                            2013/06/18 15:12:42.105 EDT            10.26.0.9               Jun 18 2013 15:12:39: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
3                            2013/06/18 15:12:44.918 EDT            10.26.0.9               Jun 18 2013 15:12:42: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
4                            2013/06/18 15:12:49.512 EDT            10.26.0.9               Jun 18 2013 15:12:46: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
5                            2013/06/18 15:13:18.562 EDT            10.26.0.9               Jun 18 2013 15:13:15: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
6                            2013/06/18 15:13:19.234 EDT            10.26.0.9               Jun 18 2013 15:13:16: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
7                            2013/06/18 15:13:30.985 EDT            10.26.0.9               Jun 18 2013 15:13:28: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
8                            2013/06/18 15:13:31.361 EDT            10.26.0.9               Jun 18 2013 15:13:28: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
9                            2013/06/18 15:13:52.144 EDT            10.26.0.9               Jun 18 2013 15:13:49: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
10                          2013/06/18 15:13:59.692 EDT            10.26.0.9               Jun 18 2013 15:13:57: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
11                          2013/06/18 15:14:33.727 EDT            10.26.0.9               Jun 18 2013 15:14:31: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
12                          2013/06/18 15:14:42.103 EDT            10.26.0.9               Jun 18 2013 15:14:39: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
13                          2013/06/18 15:14:45.697 EDT            10.26.0.9               Jun 18 2013 15:14:43: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
14                          2013/06/18 15:14:49.213 EDT            10.26.0.9               Jun 18 2013 15:14:46: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
15                          2013/06/18 15:15:19.169 EDT            10.26.0.9               Jun 18 2013 15:15:16: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
16                          2013/06/18 15:15:19.294 EDT            10.26.0.9               Jun 18 2013 15:15:16: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
17                          2013/06/18 15:15:30.467 EDT            10.26.0.9               Jun 18 2013 15:15:27: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
18                          2013/06/18 15:15:31.592 EDT            10.26.0.9               Jun 18 2013 15:15:28: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
19                          2013/06/18 15:15:52.673 EDT            10.26.0.9               Jun 18 2013 15:15:50: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
20                          2013/06/18 15:15:59.720 EDT            10.26.0.9               Jun 18 2013 15:15:57: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
21                          2013/06/18 15:16:34.334 EDT            10.26.0.9               Jun 18 2013 15:16:31: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
22                          2013/06/18 15:16:42.428 EDT            10.26.0.9               Jun 18 2013 15:16:39: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)

You can unmanage or remanage device components using the Detailed Device View (cards, interfaces, ports, IP addresses, and so forth). If you unmanage a component, LMS will ignore subsequent events (including traps).
You can check the details here :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/lms_monitor/mnt-fault.html#wp1586744

Cisco Prime Infrastructure 2.0 and ASA 55xx platform

Hello,
We recently upgraded to Prime Infrastructure 2.0 with the hope being able to manage our ASA's from PRIME (and complete an LMS migration).
When I attempt to add ASA's to prime i get the following collection errors:
Unable to collect processor and RAM information.          Processor and RAM information.          Unexpected error. See the log file inventory.log for details.
In the logfile I get the following XML parsing error on the MIB:
<palError>
<deviceId>6284310032</deviceId>
<code>VALIDATION_ERROR</code>
<message>Failed to validate output XML: cvc-maxInclusive-valid: Value '3484331296' is not facet-valid with respect to maxInclusive '2147483647' for type 'int'.</message>
<result>
    <result xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="/CISCO-MEMORY-POOL-MIB/xmp-im-file-system-module.xsd">
      <xmp-im-file-system-module>
        <MemoryPoolStatistics>
          <memoryPoolIndex>1</memoryPoolIndex>
          <free>4294967295</free>
          <largestFree>4294967295</largestFree>
          <used>3484331296</used>
        </MemoryPoolStatistics>
To me it seems that the ASA returns a value that is bigger then int32 and thus causes an overflow? Any clues? Workarounds to add an ASA to Prime without checking these MIB'S?
Regards,
Marcel

The X series (all with 64-bit SMP images) are not currently supported by PI 2.0. We can hope for a device update in the coming months to remedy that situation.
If you click on the arrow next to the help icon in the top right of your PI and choose "Device Level Support" you will see:
Cisco ASA-5500 Series Adaptive Security Appliances
Features :
Topology
LLDP Neighbor Discovery
CDP Neighbor Discovery
Configuration
Configuration Archive
Software Image Management
Monitoring
Device Availability
Reachability
Inventory
Physical
System - Memory Pools
Interfaces - IP
Interfaces - Ethernet
Device Type
SYSOIDS
S/W Version
Software
Cisco ASA-5510 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.669
OID:1.3.6.1.4.1.9.12.3.1.3.447
Cisco ASA-5510 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.773
Cisco ASA-5520 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.670
OID:1.3.6.1.4.1.9.12.3.1.3.448
Cisco ASA-5520 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.671
Cisco ASA-5540 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.672
OID:1.3.6.1.4.1.9.12.3.1.3.449
Cisco ASA-5540 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.673
Cisco ASA-5560 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.12.3.1.3.454
Cisco ASA-5550 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.753
Cisco ASA-5550 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.763
Cisco ASA-5505 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.745
OID:1.3.6.1.4.1.9.12.3.1.3.560
Cisco ASA-5580 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.914
Cisco ASA-5585 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.1194
OID:1.3.6.1.4.1.9.1.1195
OID:1.3.6.1.4.1.9.1.1196
OID:1.3.6.1.4.1.9.1.1197
Cisco ASA-5585 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.1198
OID:1.3.6.1.4.1.9.1.1199
OID:1.3.6.1.4.1.9.1.1200
OID:1.3.6.1.4.1.9.1.1201
Cisco ASA-5585 Adaptive Security Appliance System Context
OID:1.3.6.1.4.1.9.1.1202
OID:1.3.6.1.4.1.9.1.1203
OID:1.3.6.1.4.1.9.1.1204
OID:1.3.6.1.4.1.9.1.1205
Cisco ASA-5580 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.915
Cisco ASA-5580 Adaptive Security Appliance System Context
OID:1.3.6.1.4.1.9.1.916

ASA 5540 _ I want to ping across inside to outside for testing

ASA 5540 8.2 (5)
I have tried many combinations of command line syntax suggested in this forum but none are providing success so far.
I want to ping from the Inside Interface across to the Outside Interface and visa versa.
I have tried various ACLs as well as "inspect icmp" in the config, etc still no go.
I can ping each interface from the console command line but cannot ping across each interface.
Is this even possible ?
I am open to suggestions.
thanks
Troy
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.10.10 255.255.255.0
ASA-5540-LAB#
ASA-5540-LAB# ping 192.168.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA-5540-LAB# ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA-5540-LAB# ping inside 192.168.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASA-5540-LAB# ping outside 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASA-5540-LAB#

Hi Troy,
Remember that the ASA is a security device, so by design it does't support what you are trying to accomplish.
" For For security purposes the security appliance does not support far-end interface ping, that is pinging the IP address of the outside interface from the inside network."
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1059645
Even if you are trying to ping from the ASA since I see you are trying to do a "source" ping. The source of the packet will be an internal IP address going to the outside IP.
Luis Silva

How do you install RSAC 4.3.2 when upgrading to ciscoworks LMS 3.2.1?

We have ciscoworks LMS 3.2 which we have recently updated to ciscoworks 3.2.1 using the ciscoworks 3.2 Service Pack 1 patch file. In the "Readme for CiscoWorks LAN Management Solution 3.2 Service Pack 1" document, it says that you have to install the Remote Syslog Collector 4.3.2 separately. It says the file (setup.exe) is located at disk1/RSAC. However, ciscoworks 3.2 Service Pack 1 only appears to be a patch file and when we ran the patch file on our Remote Syslog Collector server, the version remained at 4.3.0. When I looked at the server where RME is installed (version 4.3.2), it says that Syslog Analyzer is 4.3.2 and Syslog Collector is version 4.3.0. The patch file doesn't look like it has the installation files for RSAC 4.3.2 and there doesn't seem to be a directory that was created on the RME server to install the updated RSAC from, so how do you upgrade from RSAC 4.3.0 to RSAC 4.3.2?

I opened up a TAC case, worked with TAC, and was able to update RSAC to version 4.3.2. The procedure is:
1. Download the ciscoworks LMS 3.2.1 patch file to the remote syslog server.
2. Create a temporary directory on the remote syslog server (ex. c:\test)
3. Go into the directory with the extracted LMS 3.2.1 patch file and type the command:
Ciscoworks_LMS_3.2.1.exe /extract_all:c:\test
4. Go into the c:\test directory and find the RSAC folder. In the RSAC folder is a setup file. Run setup and install RSAC 4.3.2 over RSAC 4.3.0 (if you uninstall RSAC 4.3.0, you will get a message saying that RSAC 4.3.0 must be installed before installing RSAC 4.3.2)
5. Check the installation by going to Common Services->Software Center->Software Update on the remote syslog server. The version should be RSAC 4.3.2.

CiscoWorks LMS 4.0.1 and ASA 5540

Similar Messages

Maybe you are looking for