10-01-2012 01:36 AM - edited 03-11-2019 05:01 PM
I have a new 5512-X with the built-in IPS sensor. The firewall is running in transparent mode with the management interface being used for both the ASA and the IPS sensor, i.e. a single interface.
Both the IPS and the ASA are configured on the same network segment (172.29.25.252 for the firewall and 172.29.25.250 for the IPS).
However, the IPS module keeps going offline whilst the firewall is fine, so CSM Health and Performance Manager keeps coming up with an error.
Now the interesting bit...
If I SSH to the firewall and issue a session ips I get straight into the sensor.
I can then ping something from the sensor - exit out and the sensor is visible on the network for a while.
It then drops again.
Is there a keep-alive that I need to configure to get this working properly?
Thanks
Giles Cooper
10-01-2012 02:03 AM
Hello,
When your IPS drops, what is the output of the below command?
sh module
regards
Harish.
10-01-2012 02:48 AM
At the moment the ping response is down and this is the status of the card.
PEG-UAG-FW01# sh module
Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5512            FCH16277CAL
ips ASA 5512-X IPS Security Services Processor   ASA5512-IPS        FCH16277CAL

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 d48c.b54e.41c1 to d48c.b54e.41c8  1.0          2.1(9)8      8.6(1)2
ips d48c.b54e.41bf to d48c.b54e.41bf  N/A          N/A          7.1(4)E4

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
ips IPS                            Up               7.1(4)E4

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
ips Up                 Up

Mod License Name   License Status  Time Remaining
--- -------------- --------------- ---------------
ips IPS Module     Enabled         perpetual

PEG-UAG-FW01#
Logging onto the IPS, I do the following:
login: cisco
Password:
***NOTICE***
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
PEG-UAG-FW01-IPS# ping 172.29.25.1
PING 172.29.25.1 (172.29.25.1): 56 data bytes
64 bytes from 172.29.25.1: seq=0 ttl=255 time=16.201 ms
64 bytes from 172.29.25.1: seq=1 ttl=255 time=65.995 ms
64 bytes from 172.29.25.1: seq=2 ttl=255 time=5.136 ms
64 bytes from 172.29.25.1: seq=3 ttl=255 time=4.294 ms
--- 172.29.25.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 4.294/22.906/65.995 ms
PEG-UAG-FW01-IPS#
At this point I can ping the ips from the network.
Thanks
Giles
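The show module output above says the ips module is Up on both the control and data plane while its management address has stopped answering, which is exactly the distinction an automated health check should make before anyone blames the module. The following is an added example (not code from this thread or from Cisco) that parses show module tables by their dashed underline, so multi-word cells such as "Up Sys" and "Not Applicable" land in the right column, and then combines the module state with the result of a management-IP reachability probe supplied by the caller. The sample text is constructed from the values posted above, re-aligned into the fixed-width layout the ASA CLI prints; the column widths and the function names are assumptions.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed sample: the values are the ones posted in the thread above,
# re-aligned into fixed-width columns as the ASA CLI prints them (assumed layout).
SHOW_MODULE_SAMPLE = """\
PEG-UAG-FW01# sh module
Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5512            FCH16277CAL
ips ASA 5512-X IPS Security Services Processor   ASA5512-IPS        FCH16277CAL

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 d48c.b54e.41c1 to d48c.b54e.41c8  1.0          2.1(9)8      8.6(1)2
ips d48c.b54e.41bf to d48c.b54e.41bf  N/A          N/A          7.1(4)E4

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
ips IPS                            Up               7.1(4)E4

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
ips Up                 Up

Mod License Name   License Status  Time Remaining
--- -------------- --------------- ---------------
ips IPS Module     Enabled         perpetual

PEG-UAG-FW01#
"""

Table = Dict[str, Any]


def _column_slices(underline: str) -> List[tuple]:
    """Turn a '--- ----- ---' underline into (start, end) slices, one per column.
    Each column runs up to the start of the next one, and the last is open-ended,
    so a value that overruns its dashes is not clipped."""
    starts = [m.start() for m in re.finditer(r"-+", underline)]
    ends = starts[1:] + [None]
    return list(zip(starts, ends))


def parse_show_module(text: str) -> List[Table]:
    """Parse every 'Mod ...' table in show module output.

    Returns one dict per table: {"columns": [...], "rows": {mod: {column: value}}}.
    Cells are sliced by column position rather than split on whitespace, which
    is what keeps 'Up Sys' and 'Not Applicable' in their own columns."""
    lines = text.splitlines()
    tables: List[Table] = []
    i = 0
    while i + 1 < len(lines):
        header, underline = lines[i], lines[i + 1]
        if not (header.startswith("Mod") and "-" in underline
                and re.fullmatch(r"[- ]+", underline)):
            i += 1
            continue
        slices = _column_slices(underline)
        columns = [header[s:e].strip() for s, e in slices]
        rows: Dict[str, Dict[str, str]] = {}
        i += 2
        while i < len(lines):
            line = lines[i]
            # A blank line, the next header or the CLI prompt ends the table.
            if not line.strip() or line.startswith("Mod") or line.rstrip().endswith("#"):
                break
            cells = [line[s:e].strip() for s, e in slices]
            rows[cells[0]] = dict(zip(columns[1:], cells[1:]))
            i += 1
        tables.append({"columns": columns, "rows": rows})
    return tables


def ips_findings(tables: List[Table]) -> List[str]:
    """Reasons the ips module is not healthy; an empty list means healthy.
    Checks module status, data plane, the IPS application and its licence."""
    def ips_row(column: str) -> Optional[Dict[str, str]]:
        for table in tables:
            if column in table["columns"]:
                return table["rows"].get("ips")
        return None

    status = ips_row("Data Plane Status")
    if status is None:
        return ["no ips module in show module output"]
    findings: List[str] = []
    if status.get("Status") != "Up":
        findings.append(f"module status: {status.get('Status')}")
    if status.get("Data Plane Status") != "Up":
        findings.append(f"data plane: {status.get('Data Plane Status')}")
    app = ips_row("SSM Application Name")
    if app is None or app.get("Status") != "Up":
        findings.append("IPS application not Up")
    lic = ips_row("License Status")
    if lic is None or lic.get("License Status") != "Enabled":
        findings.append("IPS licence not Enabled")
    return findings


def diagnose(tables: List[Table], mgmt_reachable: bool) -> str:
    """Combine module health with a reachability probe of the sensor's
    management IP (e.g. a ping result, supplied by the caller) to say where
    to look next."""
    findings = ips_findings(tables)
    if findings:
        return "module problem: " + "; ".join(findings)
    if not mgmt_reachable:
        # The situation in the thread: the module is Up but its management
        # address stops answering, so look at the network side (duplicate
        # IP / ARP entry, gateway, VLAN) rather than at the module.
        return "module up but management IP unreachable: check for a duplicate IP or ARP entry and the sensor's gateway"
    return "healthy"


if __name__ == "__main__":
    parsed = parse_show_module(SHOW_MODULE_SAMPLE)
    print(diagnose(parsed, mgmt_reachable=False))
```

Feeding this the output of show module together with a periodic ping of the sensor's management address separates the two failure modes that CSM lumps together as "module offline": a module that is actually down, and a module that is up but has lost its place on the management segment.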
10-01-2012 03:04 AM
Hello Giles,
Thanks for the output. What version of OS are you running on the ASA and the IPS?
regards
Harish
10-01-2012 03:08 AM
Also, what is the default gateway of the IPS? I hope the subnet resides on the ASA inside network.
regards
Harish.
10-01-2012 05:38 AM
Hi Harish
The software versions are in the show version command in my earlier response.
As to the default gateway, it is the same as the firewall's, 172.29.25.1. The subnet does not reside on the inside network, as the firewall is in transparent mode, i.e. there isn't an outside and an inside link. But as the firewall sits on the same subnet and I can always get to its own management address, I can't see why it would make any difference.
Giles
10-01-2012 10:26 AM
Hello,
Can you make sure no one else is using the same IP as the IPS sensor on your internal network?
Can you set a different IP on the sensor and try with that?
Any other question? Sure. Just remember to rate all of my answers.
Regards
Julio