[rancid] Re: Timeouts on Cisco ASA

john heasley heas at shrubbery.net
Tue Apr 21 14:55:07 UTC 2009


Tue, Apr 21, 2009 at 03:02:10PM +0200, JP Viljoen:
> On Tuesday 21 April 2009 14:43:30 Deny IP Any Any wrote:
> > It sounds like your setup is expecting it to drop directly to enabled
> > mode, which is why it is timing out (it's likely looking for a # in
> > the prompt). double-check your .cloginrc file to make sure there isn't
> > an autoenable setting that would be applying to your device.
> >
> > RANCID against an ASA works for me here:
> >
> > rancid at wh-mon06:~/bin$ ./clogin 192.168.121.11
> > 192.168.121.11
> > spawn ssh -c 3des -x -l rancid 192.168.121.11
> > rancid at 192.168.121.11's password:
> > Type help or '?' for a list of available commands.
> > P10-JAX-ASA> enable
> > Password: ************
> > P10-JAX-ASA#
> > P10-JAX-ASA# sh ver
> >
> > Cisco Adaptive Security Appliance Software Version 8.0(4)
> > Device Manager Version 6.1(5)57
> 
> Speaking to a friend of mine earlier after he saw my post to the list, I did 
> try debugging with noenable and other parameters and even adjusting the 
> expected enable prompt to specifically match "Password:" (even though the 
> default should do this) as well as ensuring it doesn't try to autoenable, all 
> unsuccessfully.
> 
> Running in debug mode I get the following output near the end (sorry if some 
> of it is unnecessary, I'm still busy learning the flow of RANCID and getting to 
> know what's important where):

You haven't included enough of the output.

> expect: does " \r\nType help or '?' for a list of available commands.
> \r\n\rciscoasa> " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " \r\nType help or '?' for a list of available commands.
> \r\n\rciscoasa> " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? 
> no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue"? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ ([Pp]assword|passwd):"? no
> "(Username|Login|login|user name|User):"? no
> "([Pp]assword|passwd):"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> expect: timed out
> 
> Error: TIMEOUT reached
> write() failed to write anything - will sleep(1) and retry...

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
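
The pattern walk in the quoted debug trace can be replayed offline. The following is an added example, not part of the original thread or of RANCID: it copies the buffer and the patterns from the trace and uses Python's `re` as a stand-in for Expect's matcher (an assumption). The names `first_match` and `replay` are hypothetical, and the `#` prompt variant is constructed.

```python
import re

# Final buffer exactly as printed in the debug trace quoted above.
ASA_USER_MODE = " \r\nType help or '?' for a list of available commands.\r\n\rciscoasa> "
# Constructed variant: the same banner ending in a privileged-mode prompt.
ASA_ENABLED = ASA_USER_MODE.replace("> ", "# ")

# Patterns copied from the same trace, in the order Expect tried them.
# The first three are reported as glob patterns; they contain no wildcards,
# so they are searched as literals here (a simplification of this sketch).
LITERALS = ["unknown host\r", "Host is unreachable", "No address associated with name"]
REGEXES = [
    r"(Host key not found |The authenticity of host .* be established).*(yes/no)?",
    r"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?",
    r"Offending key for .* (yes/no)?",
    r"(denied|Sorry)",
    r"Login failed",
    r"% (Bad passwords|Authentication failed)",
    r"Press any key to continue",
    r"Enter Selection: ",
    r"Last login:",
    r"@[^\r\n]+ ([Pp]assword|passwd):",
    r"(Username|Login|login|user name|User):",
    r"([Pp]assword|passwd):",
    r"(#| \(enable\))",
    r"Login invalid",
]
PATTERNS = ([re.compile(re.escape(p)) for p in LITERALS]
            + [re.compile(p, re.DOTALL) for p in REGEXES])


def first_match(buffer):
    """Return the source of the first pattern that matches, or None."""
    for pat in PATTERNS:
        if pat.search(buffer):
            return pat.pattern
    return None


def replay(chunks):
    """Accumulate device output chunk by chunk; return the hit or "TIMEOUT"."""
    buffer = ""
    for chunk in chunks:
        buffer += chunk
        hit = first_match(buffer)
        if hit is not None:
            return hit
    return "TIMEOUT"
```

`replay([ASA_USER_MODE])` ends in `"TIMEOUT"` because nothing in the list accepts a `>` prompt, while `replay([ASA_ENABLED])` stops at the `(#| \(enable\))` pattern.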

