ASA Configuration Troubleshooting

Revision as of 04:50, 3 May 2011
How to enable auto-update server logging on an ASA device.

Execute the following commands.

ASA-Device(config)# logging enable

ASA-Device(config)# logging console 6

ASA-Device# debug auto-update server

ASA-Device# debug auto-update client

Configuration not pulled due to java.lang.SecurityException: Device Authentication Failed.

Check the following.

1. Check whether the ASA device has been created on the CE server.

2. If the device has been created on the CE side, check the auto-update server CLI on the ASA to verify that it has the correct username and password.

3. If you think the password is incorrect on either side, re-sync it on both sides by reconfiguring the auto-update server CLI on the ASA device and by editing the device on the CE side.

Configuration not pulled.

This is because the device has already downloaded the associated template from the CE server and is running the updated configuration. Do the following to verify this.

1. Enable console/terminal logging on the ASA device.

2. When the poll period elapses, the ASA device contacts the CE server to retrieve the new template. During this time, log output similar (not identical) to the following appears on the ASA device console.

%ASA-6-302013: Built outbound TCP connection 23 for inside:cede1/443 (cede1/443) to identity: (

%ASA-6-725001: Starting SSL handshake with server inside: for TLSv1 session.

%ASA-6-725002: Device completed SSL handshake with server inside:

Auto-update client: Sent DeviceDetails to /cns/ASAConfig of server cede1

Auto-update client: Processing UpdateInfo from server cede1

Component: config, [URL: https://cnsce-asauser:naveen@cede1:443/cns/ASAConfigProvider?deviceID=ASA-5520-246], checksum:xd2423c0873e3338bec5042a3e143b5e8

%ASA-6-725007: SSL session with server inside: terminated.

%ASA-6-302014: Teardown TCP connection 23 for inside:cede1/443 to identity: duration 0:00:00 bytes 1336 TCP Reset-I

Auto-update client: no need to update cfg

3. If the log says "no need to update cfg", then the configuration associated with the device on the CE server and the running configuration on the ASA device are the same and current.
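The check in steps 1 to 3 can be run over a saved console capture. The following Python sketch is an added example, not part of the original page or of any Cisco tooling: it reports the poll outcome and redacts the username and password that the "Component: config" line carries in its URL, so the capture can be attached to a ticket. The sample log, host name, device ID and checksum are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the console output above; not a real capture.
SAMPLE = """\
%ASA-6-725001: Starting SSL handshake with server inside: for TLSv1 session.
%ASA-6-725002: Device completed SSL handshake with server inside:
Auto-update client: Sent DeviceDetails to /cns/ASAConfig of server ce.example
Auto-update client: Processing UpdateInfo from server ce.example
Component: config, [URL: https://example-user:example-pass@ce.example:443/cns/ASAConfigProvider?deviceID=EXAMPLE-ASA], checksum:x00112233445566778899aabbccddeeff
%ASA-6-725007: SSL session with server inside: terminated.
Auto-update client: no need to update cfg
"""

USERINFO = re.compile(r"(https?://)[^/\s:@]+:[^/\s@]+@")  # user:password@ in a URL
COMPONENT = re.compile(r"Component: config, \[URL: (\S+?)\], checksum:(\S+)")

def redact(text):
    """Replace URL-embedded credentials so the capture can be shared."""
    return USERINFO.sub(r"\1<redacted>@", text)

def summarize_poll(log):
    """Summarise one auto-update poll from captured console/debug output."""
    result = {
        "handshake_ok": "%ASA-6-725002" in log,
        # Assumption: the failure text from this page appears in the capture.
        "auth_failed": "Device Authentication Failed" in log,
        "config_current": "no need to update cfg" in log,
        "url": None, "device_id": None, "checksum": None,
    }
    m = COMPONENT.search(log)
    if m:
        result["url"] = redact(m.group(1))
        result["checksum"] = m.group(2)
        dev = re.search(r"[?&]deviceID=([^&\]\s]+)", m.group(1))
        result["device_id"] = dev.group(1) if dev else None
    if result["auth_failed"]:
        result["verdict"] = "authentication failed: check device entry and credentials"
    elif result["config_current"]:
        result["verdict"] = "configuration is current: nothing to pull"
    elif not result["handshake_ok"]:
        result["verdict"] = "no completed SSL handshake in this capture"
    else:
        result["verdict"] = "poll seen, outcome not in this capture"
    return result

if __name__ == "__main__":
    print(summarize_poll(SAMPLE))
    print(redact(SAMPLE))
```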

