IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot synchronize with Cisco internet routers using IMC 7.3

 
cttripp1
Occasional Advisor

Cannot synchronize with Cisco internet routers using IMC 7.3

I have two Cisco internet routers passing traffic through a firewall.  The routers are (of course) external and my IMC servers are internal.

Firewall rules have been set up for syslog, snmp, snmptrap and ssh, like this:

syslog: CiscoRTR --> FW permit upd/514 --> IMC

snmptrap: CiscoRTR --> FW permit udp/162 --> IMC

snmp: CiscoRTR <-- FW permit udp/161 <-- IMC

ssh: CiscoRTR <--FW permit tcp/22 <-- IMC

The firewalls shows all four protocols' traffic passing through.  syslog traffic is getting to the IMC (logs showing up in IMC), the IMC can ssh to the routers (tested using the Modify SSH settings link on the routers' IMC device pages), IMC can snmp to the routers (tested using the Modify SNMP settings link on the routers' IMC device pages), the firewalls show snmptrap traffic coming back, and the routers themselves are showing the snmp requests coming through.  Everything looks good.  BTW, I am using SNMPv3, and the SNMP test shows the credentials as working.

But when I try to synch the devices in IMC by clicking on the "Synchronize" link in the devices' pages, I get an error message "Device (name and IP) failed to be synchronized".  I know routing between the routers, the firewalls and the IMC servers is good because syslog and ssh work, and the snmp requests wouldn't be showing up on the routers if traffic from the IMCs weren't passing through correctly.  The firewalls show snmptrap traffic coming back correctly, as already stated.  But IMC can't synchronize and it shows the routers as Unknown Products and no sysoid information is displayed.  I verified the Cisco routers are already listed in the Device Definitions page.

I'd love to blame the firewall engineers, but I can't find any issues with their work.  And if it were a routing issue syslog and ssh wouldn't work.

Any ideas?  Am I missing any tcp or udp ports in either direction?  Thanks for any ideas.

3 REPLIES 3
jguse
HPE Pro

Re: Cannot synchronize with Cisco internet routers using IMC 7.3

Did you allow ICMP through the firewalls as well?

The "Test" button on the SNMP Configuration in IMC only tests the parameters through one SNMP GET <sysname> and then SET <sysname> to the same name. It's possible that this works while Synchronize (full snmpwalk and some ssh logins) fails because other OIDs could not be read/accessed.

Try running a packet capture on the IMC server when you synchronize to see if you can figure out what's going wrong (SNMPv3 can be decrypted in Wireshark). 

Best regards,
Justin Guse

I am a HPE Employee.
cttripp1
Occasional Advisor

Re: Cannot synchronize with Cisco internet routers using IMC 7.3

No, ICMP isn't allowed.  I wondered about that; I'll ask the firewall team if they can allow it.

If that doesn't work, then I'll try wireshark.  Thanks for the ideas.

jguse
HPE Pro

Re: Cannot synchronize with Cisco internet routers using IMC 7.3

If your devices can't be pinged, you also have the option to uncheck "Support Ping Operation" when adding a device to IMC, or under the Configure > Ping Parameters window on the device details. Then IMC will not try ICMP with those devices.

Best regards,
Justin Guse

I am a HPE Employee.