IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with testing Cisco ASA via telnet

 
Highlighted
Occasional Visitor

Problem with testing Cisco ASA via telnet

Hi,

I get an error "Incorrect username or password for telnet/ssh" testing access to Cisco ASA from IMC v.7.1. using "Test" button in "modify telnet settings" option.

However, both the username and password are entered correctly. I can telnet and login to this device from IMC server using the same credentials. I connected successfully using "telnet" and "plink" from IMC server Windows PowerShell. 

I captured packets using Wireshark while running test from IMC and the correct username and password are visible. You can even see that ASA sends the text displayed during login and command prompt to IMC. So, in fact, logging into the device is successful.

So why we get an error ?

Do not be surprised I check telnet. This is only a diagnostic component of the broader backup problem.

Thanks

P.S.

 

 

2 REPLIES 2
Highlighted
HPE Pro

Re: Problem with testing Cisco ASA via telnet

Hello,

A few things I can think of that could be causing the issue:

1) iMC simply does not get the correct prompt from the device during the test - are you sure the credentials provided in iMC access the 'enable' (manager) prompt? If not, then you should configure Telnet/SSH settings in iMC with an additional 'super' password that can get there.

2) iMC gets the correct prompt, but the hostname causes a mismatch.

For example, the 'System Name' in Device Details page for the device shows the FQDN format, but the prompt on the device does not include the FQDN (or vice versa). In other words, your device prompt is hostname# but the iMC System Name for the device is hostname.domain. That means iMC would expect a device prompt of hostname.domain# but can't match that as the device shows hostname# after login.

If that is the case, you need to make sure the hostname in the device prompt and the iMC System Name (acquired via SNMP) match. I think the command 'prompt hostname' should help on Cisco ASA.

I'm not entirely sure this applies for the 'Test' button, but it's definitely a factor when using the scripts for configuration center operations (backup/restore/deploy config/sw). See also this topic where I explained the issue in regard to the scripts https://community.hpe.com/t5/imc/imc-not-able-to-ssh-into-cisco-asa-s/m-p/7086871#M5841

3) You are hitting a bug in an older version of iMC. Are you still running a 7.1 version? If so, I'd suggest upgrading step by step to the latest version (latest is 7.3 E0705P06 at the moment). There were a few versions of iMC, years ago, where the Test button was bugged and reporting failure even when it was successful.

Hope that helps.

Best regards,
Justin

Working @ HPE
Accept or Kudo
Highlighted
HPE Pro

Re: Problem with testing Cisco ASA via telnet

Hello @pioter00 ,

Has this helped you out, or do you need any further assistance?

Best regards,
Justin

Working @ HPE
Accept or Kudo