https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755255#M56436 <HTML><HEAD></HEAD><BODY><P>Hi tiwang.</P><P>Thanks for your answer.</P><P>Just a question: did you replace the module itself or the entire ASA?</P><P></P><P>My problem is that I have this issue on both modules. For this reason I have to keep one shutdown :O(</P><P></P><P>I hope there is another solution.</P><P></P><P>Regards.</P></BODY></HTML> Mon, 05 Dec 2011 13:44:10 GMT alexpara72 2011-12-05T13:44:10Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755249#M56430 <P>I have IPS 4260 has the last IOS version 7.0(5)E4 and when I run diagnostic report I have the following messages </P><P></P><P>08Aug2011 13:34:15.593 0.000 sensorApp[510] sensorApp/E transmitPacket: Error TX&nbsp; Queue full, no lost buf yet16693 if = 0</P><P>08Aug2011 13:34:15.593 0.000&nbsp; sensorApp[510] sensorApp/E transmitPacket: Error TX Queue full, no lost buf&nbsp; yet24108 if = 0</P><P>08Aug2011 13:34:15.594 0.001 sensorApp[510] sensorApp/E&nbsp; transmitPacket: Error TX Queue full, no lost buf yet39703 if = 0</P><P>08Aug2011&nbsp; 13:34:15.594 0.000 sensorApp[510] sensorApp/E transmitPacket: Error TX Queue&nbsp; full, no lost buf yet15644 if = 0</P><P>08Aug2011 13:34:15.594 0.000 sensorApp[510]&nbsp; sensorApp/E transmitPacket: Error TX Queue full, no lost buf yet38045 if =&nbsp; 0</P><P>08Aug2011 13:34:15.595 0.001 sensorApp[510] sensorApp/E transmitPacket:&nbsp; Error TX Queue full, no lost buf yet19080 if = 0</P><P>08Aug2011 13:34:15.595 0.000&nbsp; sensorApp[510] sensorApp/E transmitPacket: Error TX Queue full, no lost buf&nbsp; yet31928 if = 0</P><P>08Aug2011 13:34:15.595 0.000 sensorApp[510] sensorApp/E&nbsp; transmitPacket: Error TX Queue full, no lost buf yet40998 if = 0</P><P>08Aug2011&nbsp; 13:34:15.596 0.001 sensorApp[510] sensorApp/E transmitPacket: Error TX Queue&nbsp; full, no lost buf yet18245 if = 0</P><P>08Aug2011 13:34:15.596 0.000 sensorApp[510]&nbsp; sensorApp/E transmitPacket: Error TX Queue full, no lost buf yet44343 if =&nbsp; 0</P><P></P><P>and that's make the IPS hangging and stop working sometimes ,Does any one has solution for this problem?</P> Sun, 10 Mar 2019 12:26:57 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755249#M56430 Michael Soliman 2019-03-10T12:26:57Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755250#M56431 <HTML><HEAD></HEAD><BODY><P>Sounds like the IPS appliance might have been overloaded hence there is not enough buffer in the transmit Queue.</P><P></P><P>Here is a bug that contains information on what might be the issue: CSCtc18038</P><P><A class="jive-link-external-small" href="http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&amp;bugId=CSCtc18038">http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&amp;bugId=CSCtc18038</A></P></BODY></HTML> Wed, 17 Aug 2011 07:33:06 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755250#M56431 Jennifer Halim 2011-08-17T07:33:06Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755251#M56432 <HTML><HEAD></HEAD><BODY><P>Hello Jennifer </P><P></P><P>Actually The IPS IOS version I have is 7.0(5)E4,I believe the problem is solved in this version.</P><P>Please get back to me quickly as this is stopping my IPS service and I will be unable to manage the IPS.</P></BODY></HTML> Sun, 21 Aug 2011 07:59:15 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755251#M56432 Michael Soliman 2011-08-21T07:59:15Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755252#M56433 <HTML><HEAD></HEAD><BODY><P> Stop the Global corrrelation update and check.</P></BODY></HTML> Sun, 21 Aug 2011 19:22:59 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755252#M56433 haivrajesh 2011-08-21T19:22:59Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755253#M56434 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P>I have the same problem. But I have to explain a little.</P><P>I have two ASA with an AIP-SSM-20 module each. The ASA are in failover configuration. Since this summer, when I begun to manage the IPS modules, I had problems with them because each module data-plane was going down after some time (about 3 days) it was up. I reset them, but they again went down on data-plan. This, obviously, caused the ASA to failover every time the primary module data-plane went down. The situation is the same nowadays.</P><P>This is an output from the show failover on the primary ASA:</P><P></P><P>slot 1: ASA-SSM-20 hw/sw rev (1.0/7.0(5a)E4) status (Up/Down)</P><P></P><P>I had to shutdown the IPS module on secondary ASA to not have it becoming active.</P><P></P><P>Looking at the show tech-support on the module, I saw the lines sent on this thread at the firs post from Michael Soliman.</P><P>I also looked at the link sent by Jennifer, but the wos no solution in it but only a workaround.</P><P>The modules firmware you can see in the line above. Instead the ASA version is 8.0(5)25.</P><P></P><P>In other investigations I made on the Internet, I saw that some people resolved this issue having the ASA appliance substituted.</P><P>Is that the only way to the resolution?</P><P></P><P>Thanks in advance.</P></BODY></HTML> Mon, 05 Dec 2011 12:24:49 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755253#M56434 alexpara72 2011-12-05T12:24:49Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755254#M56435 <HTML><HEAD></HEAD><BODY><P> hi again</P><P>Had a similary problem this spring - had to migrate 2 ASA5510 with SSM-10 to 2 brandnew ASA5520 with SSM-20 - while I tested the new setup - simple burn-in test running a week - there I also expirienced that after a few days I suddenly got failover because the SSM20 module failed - got a replacement and they have now been running without problems. But honestly - no idea of what was wrong with the SSM20 module - but I swapped it between the ASA's and the problem followed the SSM module</P></BODY></HTML> Mon, 05 Dec 2011 13:32:37 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755254#M56435 tiwang 2011-12-05T13:32:37Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755255#M56436 <HTML><HEAD></HEAD><BODY><P>Hi tiwang.</P><P>Thanks for your answer.</P><P>Just a question: did you replace the module itself or the entire ASA?</P><P></P><P>My problem is that I have this issue on both modules. For this reason I have to keep one shutdown :O(</P><P></P><P>I hope there is another solution.</P><P></P><P>Regards.</P></BODY></HTML> Mon, 05 Dec 2011 13:44:10 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755255#M56436 alexpara72 2011-12-05T13:44:10Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755256#M56437 <HTML><HEAD></HEAD><BODY><P> hmm - both modules? anyway - since the ssm module was part of a bundle I got the whole asa box replaced </P><P></P><P>best regards /ti</P></BODY></HTML> Mon, 05 Dec 2011 13:48:59 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755256#M56437 tiwang 2011-12-05T13:48:59Z https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755257#M56438 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P>Yes, tiwang, both modules. Anyway, I think I'm going to open a&nbsp; TAC to Cisco to have the ASAs replaced because I noticed also other&nbsp; issues. I don't want to get OT now, but I think those modules behave&nbsp; very strangely. For example, they don't alert for a port scan I did, but&nbsp; the same scan done against another ASA, in another environment, with&nbsp; the SSM configured in the same way and with the same firmware, gets&nbsp; logged immediately.</P><P>Moreover, till yesterday I had a simple config to divert traffic&nbsp; to the IPS: a class map matching an acl of type ip any to any, this&nbsp; class map called by the global-policy and the service policy applied&nbsp; globally. In such situation the IPS logged every internal traffic (we've&nbsp; many vlan on the ASA) and it was tedious going to guess the best filter&nbsp; to see only what I wanted to see. So, yesterday I decided to remove the&nbsp; traffic diversion from the global policy creating a new policy and&nbsp; applying this only on the outside (internet) interface. The result is&nbsp; that I still don't see any scan made against the firewall or the natted&nbsp; services and moreover I still can see some (really, not much) packet&nbsp; logged regarding internal traffic.</P><P>This is the current traffic diversion config:</P><P></P><P>access-list IPS-OUTSIDE extended permit ip any any</P><P>!</P><P>class-map IPS-Outside</P><P> match access-list IPS-OUTSIDE</P><P>!</P><P>policy-map IPS-Outside-policy</P><P> class IPS-Outside</P><P>&nbsp; ips promiscuous fail-open</P><P>!</P><P>service-policy IPS-Outside-policy interface outside</P><P></P><P>Anyway, browsing the Internet, I din't find an official&nbsp; announcement regarding the proplem in this topic (modules going down at&nbsp; data-plane level) and an official resolution by Cisco.</P><P>I only found posts telling that the only resolution was the replacement of the entire ASA.</P><P>This is very discouraging.</P><P></P><P>Thanks a lot.</P><P>Regards.</P></BODY></HTML> Wed, 07 Dec 2011 09:30:25 GMT https://community.cisco.com/t5/network-security/ips-system-message-problem/m-p/1755257#M56438 alexpara72 2011-12-07T09:30:25Z