Since Cryptochecksum is supposed to represent the contents of the config, I'm
guessing that something actually is changing, but Rancid is suppressing the
change to avoid spurious diffs. Think junk like "ntp clock-period" or
"<removed>" passwords. Or it could be happening on the device side with
"password ****************", but I'm not sure how that masking affects the
checksum on that device.

Having the raw output (pre-processing) may help to figure out what's going on.

I get this alot on my 5505's that are end points for L2L VPN's. I think
this happens when the crypto isakmp policy timer expires.

-----Original Message-----
From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of K K
Sent: Friday, August 22, 2008 6:58 PM
To: rancid-***@shrubbery.net
Subject: [rancid] ASA and Cryptochecksum?

With an ASA5510, every so often there is a "... router config diffs"
email where the only diff reported is the Cryptochecksum. Is this
normal?


Thanks,

Kevin


Index: configs/employeevpn
===================================================================
retrieving revision 1.9
diff -U4 -r1.9 employeevpn
@@ -953,6 +953,6 @@
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
- Cryptochecksum:ddc64c508c15f2db0b322eeae8842877
+ Cryptochecksum:28a9e4a2481c5008cd6431ff34bb23d6
: end