Cisco Bug: CSCum46114 - CSM 4.5 Deploys 'crypto key generate rsa' in FlexConfig all time

Last Modified

Feb 26, 2018

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.5(0)ER1

Description (partial)

Symptom:
When 'crypto key generate rsa' is in FlexConfig it is deployed regardless of the global deployment settings. 

1. The customer has a policy bundle with 'Access Rules' and 'FlexConfig' policies.
2. The only command in FlexConfig is 'crypto key generate rsa'.
3. On the second and subsequent deployments, 'crypto key generate rsa' has already been executed on the device and the key pair has already been generated, so the device throws an error:
=============================
An error response from the device prevented successful completion of this operation.
The device provided the following description: crypto key ****** rsaWARNING: You have a RSA
keypair already defined named <Default-RSA-Key>.
Do you really want to replace them? [yes/no]:
% Please answer 'yes' or 'no'.
Do you really want to replace them? [yes/no]:
% Please answer 'yes' or 'no'.
Do you really want to replace them? [yes/no]:
% ERROR: Timed out waiting for a response.
ERROR: Failed to create new RSA keys named <Default-RSA-Key>
=============================
4. Per the documentation, CSM should only deploy once, but it deploys every time (see test11.pdf and test12.pdf).
5. I also made a test with Tools > Cisco Security Manager - Administration > Deployment > Deploy only new or modified FlexConfigs unchecked, and the result is the same.

Conditions:
CSM 4.5