Welcome, Guest. Please login or register.

Author Topic: ASA 5520 & ASA 5510 Backup  (Read 4441 times)

Nikp

  • Newbie
  • *
  • Posts: 12
    • View Profile
ASA 5520 & ASA 5510 Backup
« on: April 06, 2010, 03:01:04 PM »
Hello i have nedi 1.05 installed and working with more than 200 devices (all cisco Switch and routers)

I can't backup my ASA,  2 5520 and 2 5510

Adding manualy the decices i have reb bulb on the CLI for all of them.

I'm accesing the ASA with SSH, from the Nedi machine i'm able to connect to all the firewall and do snmpwalk

i tried debug enabling input & output in libcli-netssh.pl but i get nothing.

executing the command  nedi.pl -vdba <Device IP>  i have this message:


Manual-Discovery (1.0.5) with 1 seed on Tue Apr  6 14:51:07 2010
================================================================================
Device                          Status                           Todo/Done-Time
--------------------------------------------------------------------------------
10.110.30.101    C:public-v2+ AsaVPN    SV=4 TY=ASA5510 Cisco Adaptive Security Appliance Version 8.2(1)BI=8.2(1) CPU=1 Mem=136946088 Temp=0
 IF:2   Port    T:1     D:-     VL:0    0       000000000000    Adaptive Security Appliance '0' interface
 IF:1   Null0   T:1     D:-     VL:0    0       000000000000    Adaptive Security Appliance 'Null0' interface
 IF:7   failover        T:6     D:-     VL:0    100000000       001a2f94433c    Adaptive Security Appliance 'failover' interface
 IF:6   Ethernet0/3     T:6     D:-     VL:0    100000000       001a2f94433b    Adaptive Security Appliance 'Ethernet0/3' interface
 IF:4   Pubblica        T:6     D:-     VL:0    100000000       001a2f944339    Adaptive Security Appliance 'Pubblica' interface
 IF:8   Virtual254      T:1     D:-     VL:0    0       000000000000    Adaptive Security Appliance 'Virtual254' interface
 IF:5   Outside T:6     D:-     VL:0    100000000       001a2f94433a    Adaptive Security Appliance 'Outside' interface
 IF:3   Inside  T:6     D:-     VL:0    100000000       001a2f944338    Adaptive Security Appliance 'Inside' interface
 IP:Inside      10.110.30.101/255.255.255.0
 IP:Outside     10.110.36.200/255.255.255.0
 IP:failover    172.30.200.1/255.255.255.0
 IP:Pubblica    Pub IP/255.255.255.192
 New IP:10.110.30.101 (Priority 5)        AaRequested table is empty or does not exist
          IF:   8 interfaces written to nedi.interfaces
MOD:    0 modules written to nedi.modules
VLAN:   0 vlans written to nedi.vlans
NET:    4 networks written to nedi.networks
LINK:   0 (ignoring 0 static) links written to nedi.links
           0/1-0s

Does anyone know what to do to solve the problem?

Thanks

chrisjscott

  • Guest
Re: ASA 5520 & ASA 5510 Backup
« Reply #1 on: May 06, 2010, 06:06:23 PM »
Hi all

I'd like to add that I'm having the same issue with Cisco FWSM 3.2(13) and Cisco ASA 5505 7.2(4).  SNMP for devices shows Green bulb with correct Community String and Version 1.  CLI for devices shows Red bulb with Port -.   Telnet and snmpwalk work fine from nedi host.


-sh-3.2$ ./nedi.pl -bdva 10.255.252.17
Started with relative path
LWP loaded
Net::SSH::Perl not available
OUI:    15969 NIC vendor entries read
DEV:    644 devices read from nedi.devices
LINK:   0 links (WHERE type = "STAT") read from nedi.links
10.255.252.17 added for discovery

Manual-Discovery (1.0.5) with 1 seed on Thu May  6 16:56:45 2010
================================================================================
Device                          Status                           Todo/Done-Time
--------------------------------------------------------------------------------
10.255.252.17    C:<community string removed>-v1+ fwsm-dev       SV=4 TY=FWSM Cisco Firewall Services Module Version 3.2(13)BI=Cisco Firewall Services Module Version 3.2(13) SuReceived noSuchName(2) error-status at error-index 1
CPU=0 Mem=803282472 Mem IO;G;Bytes free=270459352
 IF:1   inside  T:6     D:-     VL:0    1000000000      000bfd2fa640    Firewall Services Module 'inside' interface
 IP:inside      10.255.252.17/255.255.255.252
 New IP:10.255.252.17 (Priority 5)        AaRequested table is empty or does not exist
          IF:   1 interfaces written to nedi.interfaces
MOD:    0 modules written to nedi.modules
VLAN:   0 vlans written to nedi.vlans
NET:    1 networks written to nedi.networks
LINK:   0 (ignoring 0 static) links written to nedi.links
           0/1-1s
--------------------------------------------------------------------------------
Took 0 minutes

Devs:   1 devices discovered
 NOD:table locked!
Node:   2551 nodes read () from nedi.nodes
Building Nodes (i:IP n:non-IP x:ignored f:no IF):
Building IP nodes from Arp cache:
Building non-IP nodes from MAC tables:

Node:   0 IP and 0 non-IP nodes processed
Node:   2551 nodes written to nedi.nodes
 NOD:unlocked & done!


-sh-3.2$ ./nedi.pl -bdva 10.6.67.250
Started with relative path
LWP loaded
Net::SSH::Perl not available
OUI:    15969 NIC vendor entries read
DEV:    644 devices read from nedi.devices
LINK:   0 links (WHERE type = "STAT") read from nedi.links
10.6.67.250 added for discovery

Manual-Discovery (1.0.5) with 1 seed on Thu May  6 16:57:49 2010
================================================================================
Device                          Status                           Todo/Done-Time
--------------------------------------------------------------------------------
10.6.67.250      C:<community string removed>-v1+ cirg-vpn0      SV=4 TY=- Cisco Adaptive Security Appliance Version 7.2(4)
 IF:2   inside  T:1     D:-     VL:0    0       001d70fa97ba    Adaptive Security Appliance 'inside' interface
 IF:1   outside T:1     D:-     VL:0    0       001d70fa97ba    Adaptive Security Appliance 'outside' interface
 IP:inside      10.6.67.250/255.255.252.0
 IP:outside     <public IP removed>/255.255.255.252       AaRequested table is empty or does not exist
          IF:   2 interfaces written to nedi.interfaces
MOD:    0 modules written to nedi.modules
VLAN:   0 vlans written to nedi.vlans
NET:    2 networks written to nedi.networks
LINK:   0 (ignoring 0 static) links written to nedi.links
           0/1-0s
--------------------------------------------------------------------------------
Took 0 minutes

Devs:   1 devices discovered
 NOD:table locked!
Node:   2551 nodes read () from nedi.nodes
Building Nodes (i:IP n:non-IP x:ignored f:no IF):
Building IP nodes from Arp cache:
Building non-IP nodes from MAC tables:

Node:   0 IP and 0 non-IP nodes processed
Node:   2551 nodes written to nedi.nodes
 NOD:unlocked & done!


Any help at all would be greatly received!
Thanks in advance
Chris

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2728
    • View Profile
    • NeDi
Re: ASA 5520 & ASA 5510 Backup
« Reply #2 on: May 07, 2010, 12:56:00 AM »
1.0.6 should improve CLI a lot. But I'll still need some time until I can release it...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

chrisjscott

  • Guest
Re: ASA 5520 & ASA 5510 Backup
« Reply #3 on: May 07, 2010, 11:32:09 AM »
Hi Remo

Thanks for the reply.  I'm glad you didn't notice anything obviously wrong with what I'm trying to do.  I look forward eagerly for the release of 1.0.6.  Over the last few years, NeDi has been increasingly replacing all my other NMS tools for my Cisco network and having it backup the configs of all my devices will increase its dominance.

Kinda off topic for this thread, but it would be great if it could handle inventory and config backup of Cisco Wireless Controllers (and even inventory of LWAPs).  A recent bad experience with the Cisco WCS software and its general annoyance level has me considering throwing it away all together.  I've got a decent spare stock of Cisco gear that I'd be very willing to put to use for testing new NeDi releases against so just let me know if that's something of use.

Many thanks again
Chris

Nikp

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: ASA 5520 & ASA 5510 Backup
« Reply #4 on: May 13, 2010, 11:33:41 AM »
Hi Remo

     Thank's for your reply, I look forward for the new release.

At the moment I notice the same problem also with Cisco 3750 (i have 8 of them)

I agree in total with chrisjscott, also for me Nedi became a real important part of my networks.

I also have WCS (i also had some problem) and Wlan Controller it would be great if in future it will be possible handle also Cisco WLANC :).

Many thank again for all you work.

Nicola