Driver Support Document
| SYSOID Mapping | ||
| SYSOID | MODEL | OS VERSION |
| 1.3.6.1.4.1.9.1.227 | ciscoPIXFirewall | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.244 | ciscoLocalDirector | 4.x |
| 1.3.6.1.4.1.9.1.389 | ciscoPIXFirewall506 | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.390 | ciscoPIXFirewall515 | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.391 | ciscoPIXFirewall520 | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.392 | ciscoPIXFirewall525 | 5.x, 6.x, 7.x, 7.2(4) |
| 1.3.6.1.4.1.9.1.393 | ciscoPIXFirewall535 | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.417 | ciscoPIXFirewall501 | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.450 | ciscoPIXFirewall506E | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.451 | ciscoPIXFirewall515E | 5.x, 6.x, 7.x |
| 1.3.6.1.4.1.9.1.522 | cat6500FirewallSm | 3.1(1), 3.2(6), 4.0(6) |
| 1.3.6.1.4.1.9.1.669 | ciscoASA5510 | 8.0, 8.0(3), 8.0(4),8.1, 8.2, 8.2(4), 8.2(5), 8.2(5)13, 8.2(5)41, 8.3(1) |
| 1.3.6.1.4.1.9.1.670 | ciscoASA5520 | 7.x, 8.0, 8.0(3), 8.1, 8.2, 8.2(4), 8.2(5), 8.2(5)41 |
| 1.3.6.1.4.1.9.1.671 | ciscoASA5520sc | 8.2(5) |
| 1.3.6.1.4.1.9.1.672 | ciscoASA5540 | 7.x, 8.0, 8.0(3),8.1, 8.2, 8.2(4), 8.2(5) |
| 1.3.6.1.4.1.9.1.673 | ciscoASA5540sc | 7.x, 8.0, 8.1, 8.2 |
| 1.3.6.1.4.1.9.1.674 | ciscoWsSvcFwm1sc | 3.1(1), 3.2(6), 4.0(6) |
| 1.3.6.1.4.1.9.1.745 | ciscoASA5505 | 7.x, 8.0, 8.1, 8.2 |
| 1.3.6.1.4.1.9.1.753 | ciscoASA5550 | 8.0(3)12 |
| 1.3.6.1.4.1.9.1.773 | ciscoASA5510 | 8.2(1) |
| 1.3.6.1.4.1.9.1.914 | ciscoASA5580 | 7.x, 7.2(4), 8.0, 8.0(4), 8.1, 8.2, 8.2(1), 8.2(3), 8.2(5), 8.2(2)17, 8.2(4), 8.2(5)46, 8.4(2) |
| 1.3.6.1.4.1.9.1.1194 | ciscoASA5585 | 9.0(2) |
| 1.3.6.1.4.1.9.1.1195 | ciscoASA5585 SSP20 | 9.1(3) |
| 1.3.6.1.4.1.9.1.1196 | ciscoASA5585-SSP-40 | 9.4(2)11 |
| 1.3.6.1.4.1.9.1.1197 | ciscoASA5585Ssp60 | 8.4(5) |
| 1.3.6.1.4.1.9.1.1198 | ciscoASA5585-SSP-10 | 8.4(3) |
| 1.3.6.1.4.1.9.1.1199 | ciscoASA5585-SSP-20 | 8.4(7) |
| 1.3.6.1.4.1.9.1.1200 | ciscoASA5585-SSP-40 | 9.1(2) |
| 1.3.6.1.4.1.9.1.1201 | ciscoASA5585-SSP-60 | 7.1(3) |
| 1.3.6.1.4.1.9.1.1275 | ciscoASA-SM1sc | 9.1(3) |
| 1.3.6.1.4.1.9.1.1407 | ciscoASA5512 | 8.6(1) |
| 1.3.6.1.4.1.9.1.1408 | ciscoASA5525 | 9.1(1) |
| 1.3.6.1.4.1.9.1.1409 | ciscoASA5545 | 8.6(1) |
| 1.3.6.1.4.1.9.1.1410 | ciscoASA5555 | 9.0(1), 9.0(2) |
| 1.3.6.1.4.1.9.1.1413 | ciscoASA5555sc | 9.4(4)5 |
| 1.3.6.1.4.1.9.1.1414 | ciscoASA5555 | 9.1(3) |
| 1.3.6.1.4.1.9.1.1421 | ciscoASA5515 | 9.0(3) |
| 1.3.6.1.4.1.9.1.2114 | ciscoASA5506-X | 9.0(1) |
| 1.3.6.1.4.1.9.1.2295 | ciscoFpr4110K9 | 9.6(2) |
| 1.3.6.1.4.1.9.1.2313 | ciscoFpr4K-SM-12 | 9.6(1) |
| 1.3.6.1.4.1.9.1.2315 | ciscoFpr4140SM36 | 9.6(2) |
Cisco ASA devices support creating contexts that can be independently addressable. When the NA Module Status diagnostic is run, the driver will detect virtual device contexts and log into to each context to determine its IP address. The first address reported for the external interface (default: "outside") will be recorded as the address by which the context can be reached. To change this default, set the device access variable "extinterface" to the name of the interface that contains the IP address desired to reach the context. To disable IP parsing for context management, set the "extinterface" variable to "false".
The context management feature adds independent device entries for contexts on the device automatically by using the inventory diagnostic. This feature can be disabled by adding the access variable "disable_context" and setting it to true. Disabling the feature will remove any previously created context devices permanently and will result in the inability to directly manage contexts with NA. Changes will take effect the next time the NA Module Status diagnostic task is run.
By default, the tag "active" or "secondary" is added to the hostname field to indicate the presence of a failover system, because this could cause the hostnames to be set to the same value. This would interfere with the management of the device's virtual contexts. To disable this alteration, set the "keep_hostname" access variable to "true", which will cause the hostname to be left unaltered.
PIX devices self-select the interface to use for TFTP transfers. To override the device's selection, set the device access variable TFTPInterface to contain the name of the desired interface.
ASA devices contain several extra items of configuration that are not part of the running config. Collection of the various WebVPN objects can be enabled by setting the Device Access variable "FullASABackup" to true. TrustPoint certificates can also be exported to the store configuration by also setting the "BackupTrusts" variable to true; this requires FullASABackup to also be set. Certificate information is not masked in the configuration, so these data portions are made specifically to be opt-in only; security risks by exposure of the information is the responsibility of the user.
Some PIX/ASA devices are known to show "the" serial number only in the 'show inventory' command [under the Chassis item], and list a separate serial number in 'show version' that is used only for licensing. The serial from 'show inventory' is parsed by default, but if the device access variable "use_version_serial" is set, the serial from 'show version' will be parsed instead.
CLI snapshot of PIX and ASA devices can result in a configuration containing masked private date, including passwords, community strings, and varous keys. Deploying such a configuration to the device can be dangerous, and may result in a non-functioning device. To preserve device connectivity, the configuration deployment task will automatically fail when presented with a masked configuration. To override this protection, set the Device Access variable "override_deploy" to "true".
The PIX occasionally has difficulty merging new configuration commands with the existing configuration. Because of this, double-checking the results of a configuration deployment task is recommended. Note that some settings from the deployment may be applied, even though the deployment task failed.
Cisco Firewalls require the specification of the interface to be used for relaying of syslog messages. The custom access variable "SyslogInterface" should be set to the correct interface to ensure correct operation of Syslog tasks.
It the Limited Access Password field is deployed without a password, it will deploy the telnet console access password, using the passwd command on the device.
Conduits cannot be deleted because they require "line by line" removal. They should be removed by normal command script methods.
Discovery tasks for Javascript drivers handle More prompts by using timeouts, which can cause problems with the third-party SSH client code, which interprets the timeout as a disconnection. There are two options to work around the problem. Setting the RCX option [<option name="Driver/Discovery/UsePollRead">true</option>] in site_options.rcx will effect the workaround for all affected devices. Alternatively, it could be applied to a single device by setting the device access variable "PollRead" to "true".
Discovery tasks for Javascript drivers use wakeup characters are sent during device connection, to ensure that the device is responding. Normally, these characters do not echo to the console, but some devices may echo them. In this case, this causes the prompt detection phase to fail, which in turn can cause More prompts to not be handled properly, and discovery may fail. If these characters are echoed from the device [check the session log to see this], then set the device access variable "skip_ctrl_u" to skip the sending of the wakeup characters. Note that setting this option on a previously working device could cause discovery tasks to fail, but it only affects CLI discovery. SNMP discovery is unaffected.