[rancid] Cisco ASA in Rancid

Discussion:

Justin Popa

2013-03-29 17:06:16 UTC

I've set up a handful of Cisco switches and routers inside Rancid without
issue. Unfortunately I cannot get rancid talking to my ASA 5520 no matter
what I do.

1) I've checked to make sure that the ASA has the IP of the rancid server
allowed to SSH.
2) I tested sshing to the ASA from the rancid server, which worked as
expected.
3) I verified the login settings in my cloginrc file, and confirmed the dns
name was correct in routers.db.
4) I did a "./clogin -u rancidusername -p r3gularp4ss -e en4blep4ss -c "sh
ver" thisismyasa.domain.com" which properly returned a "sh ver" from the
ASA.

However, despite everything looking normal, when I run "rancid-run" I do
not receive alerts about rancid being able to connect to the ASA, nor does
the config file in /rancidpath/var/corp/configs/ populate with the ASA's
configuration file. It does create a file for the ASA in that directory,
but it's 0k.

Anyone have any thoughts?

Michael W. Lucas

2013-03-29 20:00:29 UTC

Permalink

Check your log files. Timeouts?

You can also do rancid-run -r routername to run rancid on just the one
host, to separate out debugging in the log.

On Fri, Mar 29, 2013 at 10:06:16AM -0700, Justin Popa wrote:
> I've set up a handful of Cisco switches and routers inside Rancid without
> issue. Unfortunately I cannot get rancid talking to my ASA 5520 no matter
> what I do.
> 1) I've checked to make sure that the ASA has the IP of the rancid server
> allowed to SSH.
> 2) I tested sshing to the ASA from the rancid server, which worked as
> expected.
> 3) I verified the login settings in my cloginrc file, and confirmed the
> dns name was correct in routers.db.
> 4) I did a "./clogin -u rancidusername -p r3gularp4ss -e en4blep4ss -c "sh
> ver" [1]thisismyasa.domain.com" which properly returned a "sh ver" from
> the ASA.
> However, despite everything looking normal, when I run "rancid-run" I do
> not receive alerts about rancid being able to connect to the ASA, nor does
> the config file in /rancidpath/var/corp/configs/ populate with the ASA's
> configuration file. It does create a file for the ASA in that directory,
> but it's 0k.
> Anyone have any thoughts?
>
> References
>
> Visible links
> 1. http://thisismyasa.domain.com/

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-***@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

--
Michael W. Lucas - ***@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code "ILUVMICHAEL" gets you 30% off & helps me.

Ryan West

2013-03-29 22:01:40 UTC

Permalink

On Fri, Mar 29, 2013 at 16:00:29, Michael W. Lucas wrote:
> Cc: rancid-***@shrubbery.net
> Subject: Re: [rancid] Cisco ASA in Rancid
>
>
> Check your log files. Timeouts?
>
.com" which properly returned a "sh ver" from
> > the ASA.
> > However, despite everything looking normal, when I run "rancid-run" I do
> > not receive alerts about rancid being able to connect to the ASA, nor does
> > the config file in /rancidpath/var/corp/configs/ populate with the ASA's
> > configuration file. It does create a file for the ASA in that directory,
> > but it's 0k.
> > Anyone have any thoughts?

Can you post your .cloginrc, sanitized of course.

-ryan

Tom Simpson

2013-03-29 22:03:26 UTC

Permalink

Are you switching to enable mode when you login? Or more to the point so you enable it in .cloginrc?

Thanks,
Tom Simpson

Sent from my iPhone

On Mar 29, 2013, at 6:02 PM, "Ryan West" <***@zyedge.com> wrote:

> On Fri, Mar 29, 2013 at 16:00:29, Michael W. Lucas wrote:
>> Cc: rancid-***@shrubbery.net
>> Subject: Re: [rancid] Cisco ASA in Rancid
>>
>>
>> Check your log files. Timeouts?
> .com" which properly returned a "sh ver" from
>>> the ASA.
>>> However, despite everything looking normal, when I run "rancid-run" I do
>>> not receive alerts about rancid being able to connect to the ASA, nor does
>>> the config file in /rancidpath/var/corp/configs/ populate with the ASA's
>>> configuration file. It does create a file for the ASA in that directory,
>>> but it's 0k.
>>> Anyone have any thoughts?
>
> Can you post your .cloginrc, sanitized of course.
>
> -ryan
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-***@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

________________________________

CONFIDENTIALITY NOTICE:
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.

Forcht Group IT, 2400 South Main Street, Corbin, Ky.