CiscoWorks VMS questions...

I am starting to evaluate CiscoWorks VMS (VPN Management Services), and I am running into some issues that I hope someone might have some ideas on:

1) in the software update tool, synchronizing objects with the CCO is slow. Maybe there isn't anything that can be done about this, but it's a nuisance.

2) in the software update tool, if I select the nmdib (or whatever it is) then it complains that the program doesn't have an integration tool built in. As far as I can tell, I have updated with all the latest 2.2 patches. (As this is an eval, I don't get to order a 2.3 update kit)

3) in the software update tool, the Cat6000 won't update, complaining of a conflict in major version number, saying that it needs 7.10 . 1.10 is what's there now, and 7.1 (not 7.10) is the highest available version that I can see for it.

4) In the PIX config import tool, when I go to import my existing configs, it goes through the motions and then complains about parse errors because I have special characters in my isakmp keys. [Ok, I'd never noticed before that it said "alphanumeric"... it works without complaint if you use special characters.] But having complained, it doesn't give me a chance to tweak those lines or ignore them -- the entire import fails. Well, I can't go around changing my active keys just to play with the tool... and see below.

5) In the PIX config import tool, when I go to import from a file [having editted the isakmp keys] after long enough to have imported the config, it fails with a message,

Failed to get config txt decoration from device task obj!

??? WTF ??

In combination with the above, this means that until I change my active keys [on devices thousands of miles away] I can't import my configs.

6) In the PIX device config tool, if I change the Future Contact username, then generation goes okay, but at deployment time it complains that the Future Contact password does not match the enable password. Which is untrue -- the passwords are the same for the enable password and for the two users I have created. It's possible the same passwords encrypt differently for different users though. To get around this, I had to re-import the config and not touch the Future Contact.

7) This tool is slow with one firewall, often taking 15-20 seconds to fetch the screen after a minor update. What's it going to be like managing a series of them???

8) I followed the instructions for creating a dynamic map, but import config still gives me a warning that I need to have a dynamic map on the outside interface or else ezvpn won't work. I also turned on ezvpn and ezvpn client (but not ezvpn remote)... didn't seem to matter.

9) In the isakmp key help, I see that it says to be sure to give matching keys to the device at the other end of the tunnel. I'm evaluating this software in hopes that it will cut down on manual (error-prone) repetition. Why can't it (hypothetically) allow tunnel endpoints to be created between devices, with automatically mirrored keys and policies?

10) What's with all the extra 'Finish' steps and so on? I'm really starting to dislike Windows "Wizard" style GUIs. :(
Reply to
Walter Roberson
Loading thread data ...

Runing LMS 2.2 and RWAN 1.5 etc Much the same on most points ...

Mine isnt that slow, but this depends on the choises you make and the devices.

Yeah - real pain this one. Have the exact same BS, and no idea what it is - I de-select it, as it is not needed (allready installed) and the works run along just fine afterwards.

Same as 2 - this is a know bug I think - It for the CiscoView version, right ? Mine says it need 6.0, but LMS only got 5.5. This the same no matter what, CCO update, manual install etc.

The rest looks like VMS kinda q's, so I can not answer, only that I manage PIX configs via LMS, with no problems.

Nothing to do with windows (no matter how much we hate it) - It is the exact same on Solaris

8)

HTH Martin Bilgrav

Reply to
Martin Bilgrav

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.