CiscoWorks LMS 4.0.1 and ASA 5540
I've added an ASA-5540 to the group of systems I backup each night. When the admin logs into the ASA in the morning, he sees the "save configuration" flag has been set. This started the same day CiscoWorks saved teh configuration. What is CiscoWorks doing to set this flag, and how do I stop it? It should only be reading the configuration. Thanks.
Ideally LMS should not save configuration only when LMS is taking the backup of configuration. This can be easily tested, if you try to run an instant job for Configuration Archive under Configuration > Sync Archive and see it on the ASA if it shows "save configuration" flag set.
It should be something else on either LMS or somewhere outside. In LMS it could be something like a NetConfig Job which may save configuration or other options like deploy configuration, which is very unlikely.
Before we stop it, we need to test and confirm, it is actually LMS,. You can also try to suspend the device once from LMS to see if next day you still see similar flag set.
Once we confirm it is LMS, we can test which action of LMS is doing it and how to prevent.
-Thanks
Vinod
** Encourage Contributors. RATE them**
Similar Messages
-
CiscoWorks LMS 4.0.1 and devices other than Cisco.
Hello.
Can I use some CiscoWorks LMS functions like config management, topology, with devices other than Cisco?
Thanks.
AndreaNo, RME, Campus and DFM are still hardcoded to restrict to cisco devices.
HUM and IPSLA are more open.
The functionality from the HUM will allow you to monitor availablilty, interfaces and you can add OID's yourself.
IPSLA can use non cisco devices as a target for their tests.
Cheers,
Michel -
Ciscoworks LMS 4.0.1 and 3850 switch support
HI, I want to know if 3850 switch is supported in ciscoworks LMS 4.0.1, I added the devices, inventory collections successful but devices icon is blue with question mark "?" and config sync fails always.
I tried to download the packages to install it but I couldn't find it.
thanks fo helpYes LMS 4.2 needs a new license. You can probably check once if your LMS 4.0.1 license allows you a free upgrade.
Many old LMS 4.0.1 were offered free Cisco Prime Infrastructure 1.x, which has LMS 4.2 available with.
You can check the contract covering your LMS 4.0 on Product upgrade tool :
http://tools.cisco.com/gct/Upgrade/jsp/productUpgrade.jsp
-Thanks
Vinod
**Rating Encourages contributors, and its really free. ** -
CiscoWorks LMS 3.1: HUM and Web access issue...
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Hi there,
I would like to seek your counsel with regards to the recent incident that we encountered with our CiscoWorks LMS 3.1 running on Solaris 10.
A few days ago, we received a few complains from our users that they were unable to view the pollers or contents of the TOP-N <CPU | Memory | Interface> Utilization on the HUM’s home page (see attached file, hum_homepage.jpg).
We (tech support guys) checked the pollers’ status and they’re all Active (see attached file, pollers.jpg); we notified our Administrators and requested for a copy of the HUMPortal.log (see attached file, humportal.zip).
The following day, while waiting for the HUMPortal.log, we received reports that users accessing the HUM home page are stuck with the message “loading…” on all TOP-N Utilization reports.
As we were about to re-queue our request from our administrators, we received reports (a few hours ago) that our CiscoWorks LMS is inaccessible via web browser.
We alerted our administrators and they attempted to restart the Daemon Manager (/etc/init.d/dmgmtd); they were able to successfully shut it down but took several attempts to start it up.
As they attempt to start up the Daemon Manager, they encountered the following error message:
# /etc/init.d/dmgtd start
Error: Daemon Management could not start. Trying again
Error: Unable to bind to port, please check port (42340) state and permissions.
Error: If the port is in use, please try starting Daemon Manager once it become free.
After several minutes passed, they were able to start up the Daemon Manager successfully although the CiscoWorks LMS is still inaccessible via web browser.
We requested for a copy of the “pdshow –brief” log and every daemon (as far as I know) seemed to be working fine but it never hurts to ask for help to verify my findings (see attached file, pdshow0818a.log).
As of the moment of this writing, we are still unable to access CiscoWorks LMS via web browser; any insight or suggestion on the next step to take in troubleshooting and eventually solving this problem is very much appreciated.The port 42340 issue is most likley not related to the HUM issue you described. The latest log entry you provided indicates "Possible reasons for 'No Data' in HUM Portlets could be either Poller is not configured, or Poller is deactivated, or Poller Failure has occurred, or Summarization job did not start." The error is repeated back to the beginning of the file dated Aug 14 16:39.
To focus on the HUM issue:
Did any change occur on or around the 14th that you are aware of?
Please provide some additional debugs:
1. Please enable debug for "UPMProcess"
Log files are stored here: #/var/adm/CSCOpx/log/#
- HUMPortal.log
- upm_summarization.log
- jrm.log
- upm_process.log
2. To set log levels:
*Health and Utilization Monitor > Admin > System Preferences*.
- Select Log Level Settings.
- Select the application module from the drop-down list.
- Select the Debug log level from the Logging Level drop-down list.
Thanks,
Nick -
LMS 4.2.3 and ASA SNMP v3 not working
I have ASA running version 8.2.5 and using snmp v3 as below;
snmp-server group Authentication&Encryption v3 priv
snmp-server user SNMP_TEST Authentication&Encryption v3 encrypted auth md5 cisco123 priv aes 128 password123
snmp-server host IN 10.10.10.110 version 3 SNMP_TEST
LMS device credential is as per above SNMPv3 config
Can't get this to work. Digging aroung but no avail. Any help is appreciated. I also try this on ASA 9.1 but same result.
This is my LAB environment.
Thanks. TS-SupportThank you for your reply.
I can manually poll using SNMP v3 with the credentials (user, auth and priv).
I have other devices switches and routers also using SNMPv3 and was able to see the device using chassisview.
Since this is a LAB environment for now, I manually added each of these devices. See below; (ASA-VPN) is the device in question. Already tried increasing snmp timeout to 30 secs still no luck.
As you said I try to export using CSV and was successful;
10.10.1.50,10.10.1.50,,,10.10.1.50,1.3.6.1.4.1.9.1.950,0,281231715,CheckThisForSnmpset,,,,SNMP_TEST,cisco123,MD5,password123,AES128,80:0:0:9:3:0:c:85:25:1d:e2:1,,,,,,,,,,,,,,,,
10.10.10.254,10.10.10.254,,,10.10.10.254,1.3.6.1.4.1.9.1.576,0,279120799,,,,,SNMP_TEST,cisco123,MD5,password123,AES128,80:0:0:9:3:0:10:8c:cf:e6:f4:f8,,,,,,,,,,,,,,,,
10.10.100.88,vWLC,,,vWLC,1.3.6.1.4.1.9.1.1631,0,UNKNOWN,,,cisco321,cisco123,,,,,,,,,cisco,!NeverSl33p#,!NeverSl33p#,,,,,,,,,,,
10.10.10.15,ASA-VPN,,,ASA-VPN,1.3.6.1.4.1.9.1.669,0,999990413,,,cisco123,cisco123,SNMP_TEST,cisco123,MD5,password123,AES128,,,,cisco,cisco,cisco,,,,,,,,,,,
;End of CSV file
Thanks. -
CiscoWorks LMS 4.0.1 and user tracking utility 2.0.
Hello.
We are using UTU 2.0 on more computers. For one of these we are unable to obtain results from search.
How can I debug UTU?
Thanks.
Regards.
AndreaUTU uses the same ports as a browser would to connect to LMS. 1741 and 443 depending on what is configured on the LMS side.
You should test from that computer if the used port is open .
Cheers,
Michel -
Ciscoworks LMS RME / ASA Firewall configuration pre-shared key savings
Does anybody know the concept about saving pre-shared by Ciscoworks LMS /RME ?
Is there a way to get the unencrypted values from Ciscoworks LMS /RME for an ASA Firewall ?
ASA config. saved with RME
pre-shared-key *
ASA config. saved to TFTP from ASA
pre-shared-key 1ZdmaKVwEkQ66nD37d9kA9fj9z75If you enable "shadow directory" (RME - Admin - Config Mgmt - Archive Mgmt - Archive Settings), you can find the raw configs in locations such as /var/adm/CSCOpx/files/rme/dcma/shadow/Security_and_VPN/PRIMARY on Solaris, or its Windows equivalent, after one requisite cycle of Periodic Polling and/or Periodic Collection. That's the same config one'd get saving to TFTP manually.
However, I don't recall how to unscramble the "asterisks" in the RME GUI, if at all possible. -
CiscoWorks LMS cannot add PIX/ASA in software repository
Hi,
I can see that LMS in RME Software Management cannot add PIX/ASA software saying not supported.
Any configuration issues.
I have got another problem. CiscoWorks LMS need to download IOS on cisco router, the process fails in RME Software Mgt. But the LMS is nated when it goes through the router.
i guess the script does not know the natted ip when running it on the router. If there is a way that I can specify the natted IP of the LMS. Fortunately, it is a nated static IP.
Thanks,
AshleyHi Joseph,
It is working fine. My mistake, issue with TFTP source interface.
However, I had got a small issue.
I have got a cisco router which RME accesses with ip natted ip, which you have indicated and It is working fine with RME. RME can manage the router perfectly.
However, DFM is leaving this router in questioned mode. So, the SNMP Credentials must be ok since it is good with RME.
Do I have to specify the Natted DFM ip as well for this router? Or something else must be done. -
ASA 5505 + ASA 5540 static VPN, ssh and rdp problems
Greetings!
I've recentely set up a VPN between Cisco ASA 5540(8.4) ana 5505(8.3).
Everything works fine, but there is a small problem that is really annoying me.
From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
What can I do to get rid of this problem?
Thanks in advance.Dear Fedor,
You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
class-map TCP_TIMEOUT
match access-list rdp_ssh
policy-map global_policy
class TCP_TIMEOUT
set connection timeout idle 0:30:00
set connection timeout half 0:30:00
* Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
Let me know.
Portu.
Please rate any post you find useful. -
CISCOWORKS LMS and CISCOSECURE ACS Authenticate any user with HD role
Hi:
We are using CiscoSecure for authentication and authorization for differente apps.
Specifically, any user already in the ACS database is authenticated to log in CiscoWorks LMS, with HD role (this happens although none of the CiscoWorks apps have been checked for this group).
Why is this happening?
We don´t want that any user (although they are only permitted the HD role) could login.
Thanks a lot
JulioFollow the ACS integration guide to ensure the group you don't want to have access to LMS have the roles set to "NONE" instead of the default HD roles.
http://www.cisco.com/en/US/partner/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html -
User tracking not finding any hosts in Ciscoworks LMS 3.1
L.S.
Our test-configuration is as follows:
Application versions:
Ciscoworks LMS 3.1
Ciscoworks Common Services 3.2.0
Campus Manager 5.1.4
We have 31 managed devices in Campus Manager (data has been collected on all),
Edit: All of them show up green in the topology window.
The device are: 2 6509 cores (running IOS s72033_rp-IPSERVICESK9_WAN-M version 12.2(18)SXF8), 1 ASA firewall (running ASA-OS version 8.0.5) and 29 switches (2960 and 3560 models both running ios version 12.2(52)SE). The switches are connected as follows:
User tracking jobs are running normally, but aren't finding any end-hosts or IP phones at all (I suspect around 250-500 hosts+ on these switches)
We are running SNMP v3 on the switches and have added the following configuration items to all the switches:
snmp-server group readonly v3 auth context vlan-1
<repeat for all present snmp-contexts as shown in show snmp context output>
snmp-server group readonly v3 auth context vlan-83
Debugging is enabled in CM->Admin->Debugging Options->User Tracking Server
This is the UT.log file of the last major acquisition:
messages will remian logged to file: D:\PROGRA~1\CSCOpx\log\ut.log
2010/01/13 14:00:01 main MESSAGE ProcessInitializer: Properties will be read from D:\PROGRA~1\CSCOpx\campus\etc\cwsi\ut.properties
I= 0value *.*.*.*
I= 1value 6
I= 2value 1
2010/01/13 14:00:01 main MESSAGE DBConnection: Created new Database connection [hashCode = 10969598]
PartialOrderNode tree dump: time base = VMPSMajor
<root>
VMPSMajor: <root>
VMPSMajor: VMPSMajor.GetXMLData
VMPSMajor: VMPSMajor.PingSweep
VMPSMajor: VMPSMajor.PopulateFromDCR
VMPSMajor: VMPSMajor.GetPortStatus
VMPSMajor: VMPSMajor.GetBridgeTable
VMPSMajor: VMPSMajor.Sweep
VMPSMajor: VMPSMajor.GetIpXlateTable
VMPSMajor: VMPSMajor.GetIpv6XlateTable
VMPSMajor: VMPSMajor.GenerateTable6
VMPSMajor: VMPSMajor.GenerateTable
SMFunction evaluation order: time base = VMPSMajor
VMPSMajor.GetXMLData Major
VMPSMajor.PingSweep Minor
VMPSMajor.PopulateFromDCR Major
VMPSMajor.GetPortStatus Minor
VMPSMajor.Sweep Major
VMPSMajor.GetBridgeTable Minor
VMPSMajor.GetIpXlateTable Minor
VMPSMajor.GetIpv6XlateTable Minor
VMPSMajor.GenerateTable6 Major
VMPSMajor.GenerateTable Major
Time base VMPSMajor has 5 major nodes and 3 minor traversals.
log4j:ERROR No appenders could be found for category (CTM.common).
log4j:ERROR Please initialize the log4j system properly.
In classlist loader
In classlist loader processing sub classes
updation done
In classlist loader completed
2010/01/13 14:00:03 main MESSAGE DBConnection: Created new Database connection [hashCode = 12524859]
Calling default
Subnet to SubnetData Map Size :73
2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 12524859]
2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 10969598]
2010/01/13 14:04:50 main MESSAGE DCRDevWrapper: Closing DCRProxy
I'm slowly getting to a dead end here. What am I missing?Well, our problem was resolved finally through a weird coincendence after having a websession with a Cisco TAC engineer (TAC case SR 613376661)
We changed the
snmp-server group readonly v3 auth context vlan-xxxx
commands in the switches to:
snmp-server group writeonly v3 auth context vlan-xxxx
that is: use the writestring in the snmp-server groups instead of the read string.
After we changed that, all of the User Tracking mysteriously started working.
As far as I know, the writestring should not be needed, but apparently it is....
Is there any explanation for this? -
Ciscoworks LMS 4.2.2 keeps sending icmp to a specific IP
Hi All,
I got the following logs from the syslog server. My Ciscoworks LMS 4.2.2 (IP 10.26.73.1) keeps sending icmp to 128.100.3.221 and generated tons of logs. I checked the Ciscoworks but couldn't locate the IP of 128.100.3.221. Please help me stop the ICMP on the Ciscoworks. Thanks in advance.
1 2013/06/18 15:12:33.839 EDT 10.26.0.9 Jun 18 2013 15:12:31: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
2 2013/06/18 15:12:42.105 EDT 10.26.0.9 Jun 18 2013 15:12:39: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
3 2013/06/18 15:12:44.918 EDT 10.26.0.9 Jun 18 2013 15:12:42: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
4 2013/06/18 15:12:49.512 EDT 10.26.0.9 Jun 18 2013 15:12:46: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
5 2013/06/18 15:13:18.562 EDT 10.26.0.9 Jun 18 2013 15:13:15: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
6 2013/06/18 15:13:19.234 EDT 10.26.0.9 Jun 18 2013 15:13:16: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
7 2013/06/18 15:13:30.985 EDT 10.26.0.9 Jun 18 2013 15:13:28: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
8 2013/06/18 15:13:31.361 EDT 10.26.0.9 Jun 18 2013 15:13:28: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
9 2013/06/18 15:13:52.144 EDT 10.26.0.9 Jun 18 2013 15:13:49: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
10 2013/06/18 15:13:59.692 EDT 10.26.0.9 Jun 18 2013 15:13:57: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
11 2013/06/18 15:14:33.727 EDT 10.26.0.9 Jun 18 2013 15:14:31: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
12 2013/06/18 15:14:42.103 EDT 10.26.0.9 Jun 18 2013 15:14:39: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
13 2013/06/18 15:14:45.697 EDT 10.26.0.9 Jun 18 2013 15:14:43: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
14 2013/06/18 15:14:49.213 EDT 10.26.0.9 Jun 18 2013 15:14:46: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
15 2013/06/18 15:15:19.169 EDT 10.26.0.9 Jun 18 2013 15:15:16: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
16 2013/06/18 15:15:19.294 EDT 10.26.0.9 Jun 18 2013 15:15:16: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
17 2013/06/18 15:15:30.467 EDT 10.26.0.9 Jun 18 2013 15:15:27: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
18 2013/06/18 15:15:31.592 EDT 10.26.0.9 Jun 18 2013 15:15:28: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
19 2013/06/18 15:15:52.673 EDT 10.26.0.9 Jun 18 2013 15:15:50: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
20 2013/06/18 15:15:59.720 EDT 10.26.0.9 Jun 18 2013 15:15:57: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.205 (type 8, code 0)
21 2013/06/18 15:16:34.334 EDT 10.26.0.9 Jun 18 2013 15:16:31: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)
22 2013/06/18 15:16:42.428 EDT 10.26.0.9 Jun 18 2013 15:16:39: %ASA-3-106014: Deny inbound icmp src inside:10.26.73.1 dst inside:128.100.3.221 (type 8, code 0)You can unmanage or remanage device components using the Detailed Device View (cards, interfaces, ports, IP addresses, and so forth). If you unmanage a component, LMS will ignore subsequent events (including traps).
You can check the details here :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/lms_monitor/mnt-fault.html#wp1586744 -
Cisco Prime Infrastructure 2.0 and ASA 55xx platform
Hello,
We recently upgraded to Prime Infrastructure 2.0 with the hope being able to manage our ASA's from PRIME (and complete an LMS migration).
When I attempt to add ASA's to prime i get the following collection errors:
Unable to collect processor and RAM information. Processor and RAM information. Unexpected error. See the log file inventory.log for details.
In the logfile I get the following XML parsing error on the MIB:
<palError>
<deviceId>6284310032</deviceId>
<code>VALIDATION_ERROR</code>
<message>Failed to validate output XML: cvc-maxInclusive-valid: Value '3484331296' is not facet-valid with respect to maxInclusive '2147483647' for type 'int'.</message>
<result>
<result xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="/CISCO-MEMORY-POOL-MIB/xmp-im-file-system-module.xsd">
<xmp-im-file-system-module>
<MemoryPoolStatistics>
<memoryPoolIndex>1</memoryPoolIndex>
<free>4294967295</free>
<largestFree>4294967295</largestFree>
<used>3484331296</used>
</MemoryPoolStatistics>
To me it seems that the ASA returns a value that is bigger then int32 and thus causes an overflow? Any clues? Workarounds to add an ASA to Prime without checking these MIB'S?
Regards,
MarcelThe X series (all with 64-bit SMP images) are not currently supported by PI 2.0. We can hope for a device update in the coming months to remedy that situation.
If you click on the arrow next to the help icon in the top right of your PI and choose "Device Level Support" you will see:
Cisco ASA-5500 Series Adaptive Security Appliances
Features :
Topology
LLDP Neighbor Discovery
CDP Neighbor Discovery
Configuration
Configuration Archive
Software Image Management
Monitoring
Device Availability
Reachability
Inventory
Physical
System - Memory Pools
Interfaces - IP
Interfaces - Ethernet
Device Type
SYSOIDS
S/W Version
Software
Cisco ASA-5510 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.669
OID:1.3.6.1.4.1.9.12.3.1.3.447
Cisco ASA-5510 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.773
Cisco ASA-5520 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.670
OID:1.3.6.1.4.1.9.12.3.1.3.448
Cisco ASA-5520 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.671
Cisco ASA-5540 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.672
OID:1.3.6.1.4.1.9.12.3.1.3.449
Cisco ASA-5540 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.673
Cisco ASA-5560 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.12.3.1.3.454
Cisco ASA-5550 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.753
Cisco ASA-5550 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.763
Cisco ASA-5505 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.745
OID:1.3.6.1.4.1.9.12.3.1.3.560
Cisco ASA-5580 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.914
Cisco ASA-5585 Adaptive Security Appliance
OID:1.3.6.1.4.1.9.1.1194
OID:1.3.6.1.4.1.9.1.1195
OID:1.3.6.1.4.1.9.1.1196
OID:1.3.6.1.4.1.9.1.1197
Cisco ASA-5585 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.1198
OID:1.3.6.1.4.1.9.1.1199
OID:1.3.6.1.4.1.9.1.1200
OID:1.3.6.1.4.1.9.1.1201
Cisco ASA-5585 Adaptive Security Appliance System Context
OID:1.3.6.1.4.1.9.1.1202
OID:1.3.6.1.4.1.9.1.1203
OID:1.3.6.1.4.1.9.1.1204
OID:1.3.6.1.4.1.9.1.1205
Cisco ASA-5580 Adaptive Security Appliance Security Context
OID:1.3.6.1.4.1.9.1.915
Cisco ASA-5580 Adaptive Security Appliance System Context
OID:1.3.6.1.4.1.9.1.916 -
ASA 5540 _ I want to ping across inside to outside for testing
ASA 5540 8.2 (5)
I have tried many combinations of command line syntax suggested in this forum but none are providing success so far.
I want to ping from the Inside Interface across to the Outside Interface and visa versa.
I have tried various ACLs as well as "inspect icmp" in the config, etc still no go.
I can ping each interface from the console command line but cannot ping across each interface.
Is this even possible ?
I am open to suggestions.
thanks
Troy
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.10.10 255.255.255.0
ASA-5540-LAB#
ASA-5540-LAB# ping 192.168.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA-5540-LAB# ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA-5540-LAB# ping inside 192.168.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASA-5540-LAB# ping outside 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASA-5540-LAB#Hi Troy,
Remember that the ASA is a security device, so by design it does't support what you are trying to accomplish.
" For For security purposes the security appliance does not support far-end interface ping, that is pinging the IP address of the outside interface from the inside network."
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1059645
Even if you are trying to ping from the ASA since I see you are trying to do a "source" ping. The source of the packet will be an internal IP address going to the outside IP.
Luis Silva -
We have ciscoworks LMS 3.2 which we have recently updated to ciscoworks 3.2.1 using the ciscoworks 3.2 Service Pack 1 patch file. In the "Readme for CiscoWorks LAN Management Solution 3.2 Service Pack 1" document, it says that you have to install the Remote Syslog Collector 4.3.2 separately. It says the file (setup.exe) is located at disk1/RSAC. However, ciscoworks 3.2 Service Pack 1 only appears to be a patch file and when we ran the patch file on our Remote Syslog Collector server, the version remained at 4.3.0. When I looked at the server where RME is installed (version 4.3.2), it says that Syslog Analyzer is 4.3.2 and Syslog Collector is version 4.3.0. The patch file doesn't look like it has the installation files for RSAC 4.3.2 and there doesn't seem to be a directory that was created on the RME server to install the updated RSAC from, so how do you upgrade from RSAC 4.3.0 to RSAC 4.3.2?
I opened up a TAC case, worked with TAC, and was able to update RSAC to version 4.3.2. The procedure is:
1. Download the ciscoworks LMS 3.2.1 patch file to the remote syslog server.
2. Create a temporary directory on the remote syslog server (ex. c:\test)
3. Go into the directory with the extracted LMS 3.2.1 patch file and type the command:
Ciscoworks_LMS_3.2.1.exe /extract_all:c:\test
4. Go into the c:\test directory and find the RSAC folder. In the RSAC folder is a setup file. Run setup and install RSAC 4.3.2 over RSAC 4.3.0 (if you uninstall RSAC 4.3.0, you will get a message saying that RSAC 4.3.0 must be installed before installing RSAC 4.3.2)
5. Check the installation by going to Common Services->Software Center->Software Update on the remote syslog server. The version should be RSAC 4.3.2.
Maybe you are looking for
-
Photo gallery changing background
Hi, New to spry - am working with the photo gallery (wonderful stuff btw, thx!). Looking to change the body black bkground - where do I do this?
-
Missing edit indication on main preview in D module
Unless filmstrip shows, we cannot see if an image was edited or not. With a crop in place, we cannot see the new images size, and maybe even a "pixel loss" count caused by a crop and rotation.
-
Is that problem with 10.6 iTunes still a problem. I went back to 10.5.3 but I need to know if I can get the newest version now and it not freeze when I plug in my ipod nano. Thanks.
-
It's great to be able to add appointments (events) to my iCal by emailing myself from Outlook, however, if I want to delete the event I can't! Is there anyway to edit an invite (either to change time/date or delete) that was sent to you? Thanks in ad
-
Macbook Pro Retina BOOTCAMP & StarCraft 2 Issues
I am using a Macbook Pro with Retina Display 13-inch (256GB, late 2014). 1. I run StarCraft 2 on Mac OS. The fan speed gets really high whenever I do so. I do know that this is a heavy task (so I don't really thing there are any problems here), but j