Cisco ASA 5500 Series Adaptive Security Appliances

ASA: Troubleshoot AIP-SSM

Document ID: 97405



Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Troubleshooting
      Unresponsive State
      Unable to Access the IPS SSM through ASDM
      Unable to Upgrade/Update the IPS SSM
      Unable to connect to the IPS with the IPS event viewer (IEV)

Introduction

This document describes how to troubleshoot the unresponsive state of the Advanced Inspection and Prevention Security Services Module (AIP-SSM) in the Cisco 5500 series Adaptive Security Appliance (ASA).

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on the AIP-SSM in the Cisco 5500 Series ASA.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Troubleshooting

Unresponsive State

Problem:

The AIP-SSM goes into an unresponsive state, as shown:

show module

Mod Card Type                                    Model              Serial No. 
--- -------------------------------------------- ------------------ -----------
  0 ASA 5510 Adaptive Security Appliance         ASA5510            JMX0934K021
  1 ASA 5500 Series Security Services Module-10  ASA-SSM-10         JAB093203S3

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version     
--- --------------------------------- ------------ ------------ ---------------
  0 0013.c480.a11d to 0013.c480.a121  1.0          1.0(10)0     7.0(2)
  1 0013.c480.b204 to 0013.c480.b204  1.0          1.0(10)0     5.0(2)S152.0

Mod Status            
--- ------------------
  0 Up Sys            
  1 Unresponsive

Solution:

Issue the hw-module module 1 reset command on your ASA. This command performs a hardware reset of the AIP-SSM. It is applicable when the card is in any of these states:

  • up

  • down

  • unresponsive

  • recover

If you reboot the ASA in an unresponsive state, your SSM must be re-imaged. Refer to the Installing the AIP-SSM System Image section of Upgrading, Downgrading, and Installing System Images for steps on how to re-image the AIP-SSM.

Note: Refer to the Reloading, Shutting Down, Resetting, and Recovering AIP-SSM section of Configuring ASA-SSM for more information about the various commands available to troubleshoot the AIP-SSM.
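
The following Python script is an added example, not part of the original Cisco document. It parses the fixed-width tables of the show module output shown above into one record per slot and reports any module whose status is not Up. Treating every status that begins with "Up" as healthy is an assumption, and the function names are illustrative.

```python
import re

# Output copied from the "Unresponsive State" section of this document.
SAMPLE = """\
Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5510 Adaptive Security Appliance         ASA5510            JMX0934K021
  1 ASA 5500 Series Security Services Module-10  ASA-SSM-10         JAB093203S3

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 0013.c480.a11d to 0013.c480.a121  1.0          1.0(10)0     7.0(2)
  1 0013.c480.b204 to 0013.c480.b204  1.0          1.0(10)0     5.0(2)S152.0

Mod Status
--- ------------------
  0 Up Sys
  1 Unresponsive
"""

def parse_show_module(text):
    """Merge the fixed-width tables of 'show module' into {slot: {column: value}}."""
    modules, lines = {}, text.splitlines()
    for i in range(1, len(lines)):
        ruler = lines[i]
        # A table is a "Mod ..." header line followed by a ruler of dashes.
        if not (lines[i - 1].startswith("Mod") and re.fullmatch(r"-[- ]*", ruler)):
            continue
        starts = [m.start() for m in re.finditer(r"-+", ruler)]
        spans = list(zip(starts, starts[1:] + [None]))  # column = start..next start
        names = [lines[i - 1][a:b].strip() for a, b in spans]
        for row in lines[i + 1:]:
            if not row.strip():
                break  # a blank line ends the table
            cells = [row[a:b].strip() for a, b in spans]
            if not cells[0].isdigit():
                break  # not a module row
            modules.setdefault(int(cells[0]), {}).update(zip(names[1:], cells[1:]))
    return modules

def unhealthy(modules):
    """Slots whose Status does not begin with 'Up' (assumed healthy marker)."""
    return {slot: m.get("Status", "") for slot, m in modules.items()
            if not m.get("Status", "").lower().startswith("up")}

if __name__ == "__main__":
    for slot, status in unhealthy(parse_show_module(SAMPLE)).items():
        print(f"module {slot}: {status}")
```

Slicing columns by the dash ruler rather than splitting on whitespace keeps multi-word values such as "Up Sys" and the card type intact.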

Unable to Access the IPS SSM through ASDM

Problem:

This error message is seen on the GUI.

Error connecting to sensor. Error Loading Sensor error

Solution:

Check whether the IPS SSM management interface is up or down, and check its configured IP address, subnet mask, and default gateway. This is the interface used to access the Cisco Adaptive Security Device Manager (ASDM) software from the local machine. Try to ping the management interface IP address of the IPS SSM from the local machine from which you want to access ASDM. If you are unable to ping, check the ACLs on the sensor.

Unable to Upgrade/Update the IPS SSM

Problem:

The Error: execUpgradeSoftware : Connection failed error message is seen on the CLI.

Solution:

Check whether the IPS SSM management interface is up or down, and confirm that it is the interface through which the ASA-IPS attempts the connection in order to download the software. This is not a backplane connection between the ASA and IPS-SSM; it is the Ethernet connection on the AIP-SSM module itself, which needs to be connected to a switch port and configured with an IP address, subnet mask, and default gateway. If HTTP still does not work, try to use the FTP or SCP option with the upgrade command.

Unable to connect to the IPS with the IPS event viewer (IEV)

Problem:

This error message appears:

Cannot send xml document to sensor.
java.security.cert.CertificateExpiredException: NotAfter:

Solution:

This issue can be resolved if you regenerate the TLS certificate with this command:

sensor(config)#tls generate-key

Updated: Oct 09, 2007