This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Cisco ASA IPS Configuration Download

Hello,

I created a basic command template for the Cisco ASA IPS that we are using. I use this to download the configuration. I am able to download the configuration using a job that I created in Solarwinds NCM. However, when the "show configuration" command is entered at IPS' CLI, it takes sometime before the IPS show the configuration. While waiting for the configuration printout @ CLI, the IPS shows the message @ CLI "Generating Configuration" which is just a single line. If I manually login at CLI and issue "show configuration" the "Generating Configuration" is only a single line. However, when the job is used to download the configuration, there are multiple lines containing "Generating Configuration" before the actual start of the configuration. Is there a way for me to get rid of these before the configuration is saved into the NCM archive? Your thoughts will be greatly appreciated.

  • How long does it take from the time you issue the "show configuration" and first see the Generating Configuration.... until you actually see any of the config file itself?

    Also how many of these Generating Configuration.... lines do you see at the top of the configs stored by NCM?

  • I tried to time how long it takes to show the configuration when I am @ CLI and it's about 10 seconds. Also, the config downloaded by NCM has at least 20.

  • I would look to increase your SSH/Telnet timeouts for both the connection and the prompt.  You can find these in the web console in any NCM 7.1 and above under Settings->NCM Settings->Protocol Settings.  By default the connection timeout is 45 seconds and the prompt timeout is 15 seconds.  The connection timeout always has to be larger.  I would try setting these to 180 seconds for connection timeout and 90 seconds for Prompt Timeout.  Then try to download the config from this device again, and see what the results look like.