[rancid] Re: Problems with getting configuration from a PIX 501.

Steve Ousley steve at host-it.co.uk
Tue Jul 15 11:28:52 UTC 2008


Sorry for the fast follow on to this.

 

I have now found out that it is actually like this on ALL pix's that we
have.  Any ASA that we have is working fine, however no pix is updating.

 

I have tried running rancid-r <pix> and that runs, for about 1 second, then
finishes, where running this on an ASA takes approximately 10 seconds.
There is however no error on the command line when I run "rancid -r <pix>".
This is now confusing me even more!  As far as I can tell, rancid is trying
to get the pix configurations, but failing somewhere that I cannot tell.  Is
there a way to manually run the process that rancid-run would do in order to
try and see if there's a problem somewhere?

 

Thanks

 

Steve Ousley - SO620-RIPE

Nuco Technologies Ltd

 <mailto:steve at host-it.co.uk> steve at host-it.co.uk

 <http://www.nucotechnologies.com/> www.nucotechnologies.com

Tel. 0870 165 1300

 

Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751

 

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Steve Ousley
Sent: 15 July 2008 12:20
To: rancid-discuss at shrubbery.net
Subject: [rancid] Problems with getting configuration from a PIX 501.

 

I have had rancid installed a little while now, and am noticing problems
with rancid on one pix (not sure if it's on more or not, but this is the
only one I can confirm without going through manually checking all of them).

 

The problem is that it doesn't seem to be updating the CVS repo with the
latest configurations.

 

I do know that we occasionally get problems like this with pix's where the
ssh connection doesn't work (usually tell this by running clogin to the pix)
however this manages to ssh in no problems, and gets the enable prompt, see
below:

 

[CODE]

nagios-1:/usr/local/rancid/var/asa# clogin <firewall>

<firewall>

spawn ssh -c 3des -x -l <rancid-user> <firewall>

<rancid-user>@<firewall>'s password:

Type help or '?' for a list of available commands.

<firewall>>

<firewall>> enable

Password: *

<firewall>#

[/CODE]

 

As you can see, this is logging into the pix no problems (I have changed any
instance of the hostname to <firewall> and the rancid user, and no the
password isn't 1 character long).

 

Using clogin to log into the firewall, I can also run various commands
successfully (sh run, sh ver etc).  However the firewall still will not
update. 

 

Does anyone have any ideas?

 

I have also set the pix to "down" and back to "up" and ran rancid again, to
no avail.  This is really confusing me! Since all our other pix's seem to be
working no problems, 

 

Steve Ousley - SO620-RIPE

Nuco Technologies Ltd

 <mailto:steve at host-it.co.uk> steve at host-it.co.uk

 <http://www.nucotechnologies.com/> www.nucotechnologies.com

Tel. 0870 165 1300

 

Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080715/b644185f/attachment.html 


More information about the Rancid-discuss mailing list