Can NCM 8.3.177 manage Cisco IPS modules within ASAs? I'm finding it difficult to believe there isn't a built-in template for Cisco IPS. NCM cannot download the configurations from the sensors.
Please advise.
Here you go : ) http://thwack.solarwinds.com/docs/DOC-169152?uploadSuccess=true
I manage Cisco IPS modules that are stand alone and inside our ASA with NCM Version 7.0.1. I had no clue they were up to NCM 8.x could have swore we were still in the 7.x releases.
I would check your IPS versions and if they are the latest make sure they are tied to your Raidus/ACS server. They only support Radius and it was only implemented after sensor version 7.0.8 I believe, so you may have to upgrade to get Radius support. If you don't have this done then you have to use a flat account to log into them.
Give me a minute and I will tell you what template I use. I'm pretty sure I just use the Default IOS template, but I will double check and reply with that info as well.
I just checked and we are using the Auto Determine setting for template use when logging into the IPS module and backing up the config. As I was stating above the only issue I ever had was figuring out the Radius options for these devices had to upgrade the code first since they didn't support Radius at first.. They are also a Linux kernel so it makes it a bit weird. Even more so that they only use Radius and not a form of TACACS+ being a Cisco device.
I'm also using Auto Determine, but I cannot download configs.
Session trace:
-----------------------------
[11/13/2012 2:40:57 PM] -----------------NCM 7.0.1 -------------------
[11/13/2012 2:40:57 PM] UseCustomMorePromptBehaviour: False
[11/13/2012 2:40:57 PM] Login Attempts: 1
[11/13/2012 2:40:57 PM] Custom UserName Prompt:
[11/13/2012 2:40:57 PM] Device Template: Cisco IOS-1.3.6.1.4.1.9.ConfigMgmt-Commands
[11/13/2012 2:40:57 PM] System Name: ASA-5540-WKS-IPS02
[11/13/2012 2:40:57 PM] System Description: Linux ASA-5540-WKS-IPS02 2.6.29.1 #42 SMP Mon Aug 27 14:02:55 CDT 2012 i686
[11/13/2012 2:40:57 PM] System OID: 1.3.6.1.4.1.9.1.944
[11/13/2012 2:40:57 PM] OS Image:
[11/13/2012 2:40:57 PM] OS Version:
[11/13/2012 2:40:57 PM] Menu-Based mode=False
[11/13/2012 2:40:57 PM] FreezeLoginForPreCommands mode= False
[11/13/2012 2:40:57 PM]
-->StateChange: Connecting to server<--
[11/13/2012 2:40:57 PM] Got HostFingerPrint: dc:48:e3:fb:8d:97:de:be:c6:7e:ae:a1:74:e7:e1:3f
[11/13/2012 2:40:57 PM] SWTelnet9 Crypto Information Begin
[11/13/2012 2:40:57 PM] Protocol = SSH2
[11/13/2012 2:40:57 PM] RemoteName = SSH-1.99-OpenSSH_5.1
[11/13/2012 2:40:57 PM] SCcipher = aes128-cbc
[11/13/2012 2:40:57 PM] CSCipher = aes128-cbc
[11/13/2012 2:40:57 PM] Keys = ssh-dss
[11/13/2012 2:40:57 PM] SWTelnet9 Crypto Information End
[11/13/2012 2:40:57 PM] Banner received
[11/13/2012 2:40:57 PM] Got Login Challenge: Password:
-->StateChange: Connected to server - idle<--
[11/13/2012 2:40:57 PM] Solarwinds.Net SWTelnet9 Version 9.0.27
[11/13/2012 2:40:57 PM] Connected!
[11/13/2012 2:40:57 PM] --->
[11/13/2012 2:40:57 PM] ProcessLogin State: 0
[11/13/2012 2:40:57 PM] --> Last login: Tue Nov 13 14:38:26 2012 from <asdf>
[11/13/2012 2:40:57 PM] -->
[11/13/2012 2:40:57 PM] --> ***NOTICE***
[11/13/2012 2:40:57 PM] --> This product contains cryptographic features and is subject to United States
[11/13/2012 2:40:57 PM] --> and local country laws governing import, export, transfer and use. Delivery
[11/13/2012 2:40:57 PM] --> of Cisco cryptographic products does not imply third-party authority to import,
[11/13/2012 2:40:57 PM] --> export, distribute or use encryption. Importers, exporters, distributors and
[11/13/2012 2:40:57 PM] --> users are responsible for compliance with U.S. and local country laws. By using
[11/13/2012 2:40:57 PM] --> this product you agree to comply with applicable laws and regulations. If you
[11/13/2012 2:40:57 PM] --> are unable to comply with U.S. and local laws, return this product immediately.
[11/13/2012 2:40:57 PM] --> A summary of U.S. laws governing Cisco cryptographic products may be found at:
[11/13/2012 2:40:57 PM] --> http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
[11/13/2012 2:40:57 PM] --> If you require further assistance please contact us by sending email to
[11/13/2012 2:40:57 PM] --> export@cisco.com.
[11/13/2012 2:40:57 PM] --> ASA-5540-WKS-IPS02#
[11/13/2012 2:40:59 PM] TimerTick: mstrData=<ASA-5540-WKS-IPS02# > State=3 - Connected to server - idle
[11/13/2012 2:40:59 PM] Pending Disconnect = False
[11/13/2012 2:40:59 PM] Sending to get a banner!
[11/13/2012 2:40:59 PM] <--
[11/13/2012 2:40:59 PM] -->
[11/13/2012 2:40:59 PM] --> ASA-5540-WKS-IPS02#
[11/13/2012 2:40:59 PM] ProcessLogin State: 0
[11/13/2012 2:41:01 PM] TimerTick: mstrData=<ASA-5540-WKS-IPS02# > State=3 - Connected to server - idle
[11/13/2012 2:41:01 PM] Pending Disconnect = False
[11/13/2012 2:41:01 PM] TimerTick: Send to CRLF get prompt again
[11/13/2012 2:41:01 PM] <--
[11/13/2012 2:41:01 PM] -->
[11/13/2012 2:41:01 PM] --> ASA-5540-WKS-IPS02#
[11/13/2012 2:41:01 PM] ProcessLogin State: 0
[11/13/2012 2:41:01 PM] Custom Prompt detector detect # prompt
[11/13/2012 2:41:01 PM] no credentials needed - Command mode prompt detected
[11/13/2012 2:41:01 PM] Prompt is being set to : ASA-5540-WKS-IPS02#
[11/13/2012 2:41:01 PM] Logged into Router
[11/13/2012 2:41:01 PM] Start check prompt for menu-based device
[11/13/2012 2:41:01 PM] Process Line = <>
[11/13/2012 2:41:01 PM] Process Line = <ASA-5540-WKS-IPS02# >
[11/13/2012 2:41:01 PM] Fuzzy match detector start detecting prompt. String1=asa-5540-wks-ips02# String2=asa-5540-wks-ips02#
[11/13/2012 2:41:01 PM] <-- terminal width 0
[11/13/2012 2:41:01 PM] --> terminal width 0
[11/13/2012 2:41:01 PM] --> ^
[11/13/2012 2:41:01 PM] --> % Invalid input detected at '^' marker
[11/13/2012 2:41:01 PM] Incomplete buffer with prompt is detected - save all lines to echo buffer
[11/13/2012 2:41:01 PM] Echo not detected yet. Push back data to echo buffer, EchoBuffer = <<<terminal width 0
^
% Invalid input detected at '^' marker
ASA-5540-WKS-IPS02#
>>>
[11/13/2012 2:41:01 PM] Start detecting command echo in echo buffer...
[11/13/2012 2:41:01 PM] Echo is detected, EchoBuffer = <<<terminal width 0
[11/13/2012 2:41:01 PM] Remove Prompt - detected prompt line via RegEx
[11/13/2012 2:41:01 PM] Remove Prompt - prompt line is on invalid place, Save It. value=terminal width 0
FoundPromptLine=ASA-5540-WKS-IPS02#
[11/13/2012 2:41:01 PM] Echo and prompt are removed if they exist, out buffer = <<<^
[11/13/2012 2:41:01 PM] Process Line = <^>
[11/13/2012 2:41:01 PM] Fuzzy match detector start detecting prompt. String1=^ String2=asa-5540-wks-ips02#
[11/13/2012 2:41:01 PM] Save Command Output: ^
[11/13/2012 2:41:01 PM] Process Line = <% Invalid input detected at '^' marker>
[11/13/2012 2:41:01 PM] Fuzzy match detector start detecting prompt. String1=%invalidinputdetectedat'^'marker String2=asa-5540-wks-ips02#
[11/13/2012 2:41:01 PM] Save Command Output: % Invalid input detected at '^' marker
[11/13/2012 2:41:01 PM] <-- terminal length 0
[11/13/2012 2:41:01 PM] --> terminal length 0
[11/13/2012 2:41:01 PM] Echo not detected yet. Push back data to echo buffer, EchoBuffer = <<<terminal length 0
[11/13/2012 2:41:01 PM] Echo is detected, EchoBuffer = <<<terminal length 0
[11/13/2012 2:41:01 PM] Remove Prompt - prompt line is on invalid place, Save It. value=terminal length 0
[11/13/2012 2:41:01 PM] Echo and prompt are removed if they exist, out buffer = <<<ASA-5540-WKS-IPS02#
[11/13/2012 2:41:01 PM] <-- Show running
[11/13/2012 2:41:01 PM] --> Show running
[11/13/2012 2:41:01 PM] Echo not detected yet. Push back data to echo buffer, EchoBuffer = <<<Show running
[11/13/2012 2:41:01 PM] Echo is detected, EchoBuffer = <<<Show running
[11/13/2012 2:41:01 PM] Remove Prompt - prompt line is on invalid place, Save It. value=Show running
[11/13/2012 2:41:01 PM] SendNextCommand Done: Disconnecting
[11/13/2012 2:41:03 PM] TimerTick: mstrData=<> State=3 - Connected to server - idle
[11/13/2012 2:41:03 PM] Pending Disconnect = True
[11/13/2012 2:41:03 PM] Disconnected - From: <ip>
I will have to dig more once I can get back to my work station, but the only thing that sticks out that I see differently is it looks like you are using Telnet, and I use SSH, but this shouldn't be an issue. Let me dig some more and run some test downloads to watch my logs as well.
