IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

IMC / ASA SCP backup fails - transfer protocol does not match access type

 
Greg Beifuss
Advisor

IMC / ASA SCP backup fails - transfer protocol does not match access type

I've been asked to get our IMC working with a couple of Cisco ASAs we have. I've gotten the IMC to poll them, but backing up their configuration fails every time. I'm trying to use SCP.

I've set the ASAs to support SCP, and manually running the commands work:
C:\Program Files\iMC\server\bin>pscp -scp username@192.168.70.1:system://running-config .
username@192.168.70.1's password:
running-config            | 30 kB |  30.7 kB/s | ETA: 00:00:00 | 100%

In the IMC, I've set Single Device Transfer mode for the firewall = SCP, and added the OID 1.3.6.1.4.1.9.1.1421 to the C:\Program Files\iMC\server\conf\adapters\ICC\Cisco\adapter-index.xml file (under the CiscoASA adapter).

The log file seems to show it complaining about SCP right away, then switching over to TFTP (which doesn't match the accesstype) before landing on CLI.

Anyone have ideas on what I can investigate?

Thanks!
Greg

 

2019-03-08 12:49:08.908 [WARNING (6021)] [THREAD(6372)] Do not support scp protocol in function 'CFileTransferTask::transferFileEx'
2019-03-08 12:49:09.909 [WARNING (6021)] [THREAD(6372)] Do not support scp protocol in function 'CFileTransferTask::transferFileEx'
2019-03-08 12:49:10.909 [INFO (0)] [THREAD(6292)] Process backup transfer task completed, result: { -- SEQUENCE --
 result { -- SEQUENCE --
  operStep 'ff'H  --
,
  result '00'H  --

 }
,
 devID '6a'H  --
,
 strSession ''H  -- "" --,
 devDescr '6173615374726174666f72642e636f72702e61677269636f72702e636f6d283139322e3136382e37302e3129'H  -- "asaStratford.corp.agricorp.com(192.168.70.1)" --,
 transferResultList { -- AsnDevFileTransferResultSeqOf SEQUENCE OF AsnTransferCfgFileResult
  { -- SEQUENCE --
   resultList { -- AsnCfgBakOprResultList SEQUENCE OF AsnCfgBakOprResult
    { -- SEQUENCE --
     operStep '00'H  --
,
     result '1785'H  --

    }
   }
,
   fileType '00'H  --
,
   cfgFileID '27'H  --
,
   hostFileName '72756e6e696e675f323633353737313539322e636667'H  -- "running_2635771592.cfg" --,
   devFileNamePath '3139322e3136382e37302e315f72756e6e696e675f32303139303330383132343930382e636667'H  -- "192.168.70.1_running_20190308124908.cfg" --
  }
  { -- SEQUENCE --
   resultList { -- AsnCfgBakOprResultList SEQUENCE OF AsnCfgBakOprResult
    { -- SEQUENCE --
     operStep '00'H  --
,
     result '1785'H  --

    }
   }
,
   fileType '01'H  --
,
   cfgFileID '28'H  --
,
   hostFileName '737461727475705f323633353737313630322e636667'H  -- "startup_2635771602.cfg" --,
   devFileNamePath '3139322e3136382e37302e315f737461727475705f32303139303330383132343930392e636667'H  -- "192.168.70.1_startup_20190308124909.cfg" --
  }
 }

}

2019-03-08 12:49:10.911 [WARNING (32)] [THREAD(6292)] [CComponentAdapter::checkAccessTypeMatchTransferProtocol()] transfer protocol does not match access type,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:10.911 [WARNING (32)] [THREAD(6292)] [CComponentAdapter::isDevSupportServiceAction()] transfer protocol does not match access type,ServiceName = ConfigBackup,commandName=Custom,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:10.912 [WARNING (32)] [THREAD(6292)] [CComponentAdapter::checkAccessTypeMatchTransferProtocol()] transfer protocol does not match access type,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:10.912 [WARNING (32)] [THREAD(6292)] [CComponentAdapter::isDevSupportServiceAction()] transfer protocol does not match access type,ServiceName = ConfigBackup,commandName=ICC,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:10.913 [INFO (0)] [THREAD(6292)] [CComponentAdapter::isDevSupportServiceAction] dev_id: 106, adapter_name: CiscoASA
2019-03-08 12:49:15.946 [INFO (0)] [THREAD(7612)] [CThirdPartCfgfileMgr::backupRunning()] Begin to backup running cfgfile ...
2019-03-08 12:49:15.946 [INFO (0)] [THREAD(7612)] [CScriptProcessor::exec()] Begin to execute, data: ServiceName = ConfigBackup

ActionName = backup_running_config

InputParam = TFTPFile=C:/Program Files/iMC/server/tmp/running_2635771662.cfg?_?TFTPServer=192.168.4.187?_?VpnName=

OutputParam =

CmdResp =

ErrorMessage =

ActionResult = 19


2019-03-08 12:49:15.947 [WARNING (32)] [THREAD(7612)] [CComponentAdapter::checkAccessTypeMatchTransferProtocol()] transfer protocol does not match access type,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:15.947 [WARNING (32)] [THREAD(7612)] [CComponentAdapter::isDevSupportServiceAction()] transfer protocol does not match access type,ServiceName = ConfigBackup,commandName=Custom,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:15.950 [WARNING (32)] [THREAD(7612)] [CComponentAdapter::checkAccessTypeMatchTransferProtocol()] transfer protocol does not match access type,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:15.950 [WARNING (32)] [THREAD(7612)] [CComponentAdapter::isDevSupportServiceAction()] transfer protocol does not match access type,ServiceName = ConfigBackup,commandName=ICC,iTransferProtocol=4,iAccessType=3
2019-03-08 12:49:15.951 [INFO (0)] [THREAD(7612)] [CComponentAdapter::isDevSupportServiceAction] dev_id: 106, adapter_name: CiscoASA
2019-03-08 12:49:15.951 [INFO (0)] [THREAD(7612)] [CScriptProcessor::exec()] Begin to execute by cli.
2019-03-08 12:49:15.951 [INFO (0)] [THREAD(7612)] [CScriptProcessor::exec()] Case_no: 8624_2635771663, service_name: ConfigBackup, action_name: backup_running_config, input_vars: TFTPFile=C:/Program Files/iMC/server/tmp/running_2635771662.cfg?_?TFTPServer=192.168.4.187?_?VpnName=
2019-03-08 12:49:15.993 [INFO (0)] [THREAD(7612)] [CScriptProcessor::exec()] Success to spawn process, pid: 8568
2019-03-08 12:49:16.245 [INFO (0)] [THREAD(7612)] [CScriptProcessor::exec()] Success to execute process, pid: 8568
2019-03-08 12:49:16.245 [INFO (0)] [THREAD(7612)] [CScriptProcessor::exec()] Check result file: C:\Program Files\iMC\server\bin\..\..\server/tmp/scripttool_8624_2635771663.cfg
2019-03-08 12:49:16.257 [INFO (0)] [THREAD(7612)] [imcscriptttol] log: =============================== Begin=============================
2019-03-08 12:49:16.257 [INFO (0)] [THREAD(7612)]
2019-03-08 12:49:16.210 [INFO (0)] [THREAD(8388)] [ScriptTool::execScriptAction()] component_name: ICC, service_name: ConfigBackup, action_name: backup_running_config, input_vars: TFTPFile=C:/Program Files/iMC/server/tmp/running_2635771662.cfg?_?TFTPServer=192.168.4.187?_?VpnName=
2019-03-08 12:49:16.224 [INFO (2001)] [THREAD(8388)] [CCLIScriptProcessor::init()] Device login type is 2,dev_id=106,AdaptName=CiscoASA
2019-03-08 12:49:16.229 [ERROR (100)] [THREAD(8388)] [CSSHScriptProcessor::setSpawnPhrase()] ssh command does not match that user defined.
2019-03-08 12:49:16.229 [ERROR (38)] [THREAD(8388)] [CCLIScriptProcessor::init()] Fail to call setSpawnPhrase().AdaptName=CiscoASA
2019-03-08 12:49:16.229 [ERROR (38)] [THREAD(8388)] [CTelnetScriptProcessor::exec()] Fail to initilize environment. AdaptName = CiscoASA. DevIP = 192.168.70.1
2019-03-08 12:49:16.231 [INFO (0)] [THREAD(8388)] [ScriptTool::execScriptAction()] ResultNo: 38, CmdResp: , ResultMap:

2019-03-08 12:49:16.257 [INFO (0)] [THREAD(7612)] [imcscriptttol] log: =============================== End===============================

2 REPLIES 2
IshantR
Visitor

Re: IMC / ASA SCP backup fails - transfer protocol does not match access type

Which Version of IMC are you running?
What specific model of cisco ASA are you trying to backup?
What is the sysObjectID for ASA?
Check <imc>/server/conf/adapters/ICC/Cisco/adapter-index.xml.
Check that your sysObjectID is in the CiscoASA section.
If it's not in there, add it. Restart IMC, and re-synchronise your ASA, then re-run the backup.

I am a HPE Employee
Greg Beifuss
Advisor

Re: IMC / ASA SCP backup fails - transfer protocol does not match access type

Hi @IshantR , thanks for replying.

We're running IMC 5.2 (E0401P05).

I'm trying to backup an ASA 5510 and several ASA 5515.

The SysOID are 1.3.6.1.4.1.9.1.669 (already in the cisco adapters file) and 1.3.6.1.4.1.9.1.1421 (manually added). Restarting IMC and resynchonizing/refreshing the devices had no effect.

Thanks,

Greg