ASA 5515 IPS management access

Hello!

I cannot access the ASA IPS module.

I try from ASDM: Configuration->IPS. I type the username and password and see the following message: "Error connecting to sensor. Error loading sensor"

Could you please help me to correct my config?

I have a network topology like this:

http://www.cisco.com/image/gif/paws/113690/ips-config-mod-01.gif

My config

KR-ASA# sh run int gig 0/5
!
interface GigabitEthernet0/5
 nameif Inside
 security-level 100
 ip address 172.33.1.253 255.255.255.0 standby 172.33.1.254
!
interface Management0/0
 management-only
 no nameif
 security-level 0
 no ip address
!
KR-ASA# sh module ips details
App. name:          IPS
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:       7.1(4)E4
Data Plane Status:  Up
Status:             Up
License:            IPS Module  Enabled  perpetual
Mgmt IP addr:       172.33.1.251
Mgmt Network mask:  255.255.255.0
Mgmt Gateway:       172.33.1.253
Mgmt Access List:   172.33.1.0/24
Mgmt Access List:   172.34.1.0/24
Mgmt web ports:     443
Mgmt TLS enabled:   true
!
KR-ASA# ping 172.33.1.251
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.33.1.251, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!

Thank you!

   


sokakkar
Cisco Employee

Hi Vladimir,

Here is how packets are going to flow:

- From the management machine to the IPS

- The IPS will reply directly to the mgmt machine if it is in the same subnet as the IPS.

- The IPS will reply through its DG, which is the ASA in this case, if the mgmt machine is not in the same subnet as the IPS, and in that case appropriate config would be needed on the ASA.

Are you able to ping the IPS from the mgmt machine?

Check this link and see which scenario suits you (possibly 1):

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml

Once the necessary config is done, and in case you get problems while accessing the IPS from ASDM, try the following from the same machine:

Open a browser and go to: https://172.33.1.251

HTH.

-

Regards,

Sourav Kakkar
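The reply-path logic described in the post above, as an added example that is not part of the original thread: it parses the `Mgmt` fields of the `show module ips details` output posted in the question and reports, for a given management host, whether the sensor's access list permits it and whether the sensor replies directly or through its gateway. The three host addresses tried at the bottom are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the management fields from the `show module ips details`
# output posted in this thread.
SAMPLE = """\
Mgmt IP addr:       172.33.1.251
Mgmt Network mask:  255.255.255.0
Mgmt Gateway:       172.33.1.253
Mgmt Access List:   172.33.1.0/24
Mgmt Access List:   172.34.1.0/24
Mgmt web ports:     443
Mgmt TLS enabled:   true
"""

def parse_mgmt(text):
    """Collect 'Mgmt ...' fields; repeated keys (Access List) become lists."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(Mgmt [^:]+):\s*(\S+)", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields

def check_host(text, host):
    """Return (permitted_by_access_list, reply_path) for a management host IP."""
    f = parse_mgmt(text)
    ip = ipaddress.ip_address(host)
    # Subnet the sensor's management interface lives in.
    sensor_net = ipaddress.ip_network(
        f"{f['Mgmt IP addr'][0]}/{f['Mgmt Network mask'][0]}", strict=False)
    acl = [ipaddress.ip_network(n, strict=False)
           for n in f.get("Mgmt Access List", [])]
    permitted = any(ip in n for n in acl)
    if ip in sensor_net:
        path = "direct"  # same subnet: sensor answers the host itself
    else:
        # Different subnet: reply goes to the gateway (the ASA here),
        # which then needs routing and policy for that traffic.
        path = "via gateway " + f["Mgmt Gateway"][0]
    return permitted, path

if __name__ == "__main__":
    for host in ("172.33.1.10", "172.34.1.10", "10.0.0.5"):  # hypothetical hosts
        print(host, check_host(SAMPLE, host))
```
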

Hello, sokakkar!

Thank you for the reply!

Yes, scenario 1 is mine.

I can ping the IPS from my PC and from the ASA. ASA gig 0/5 and the IPS are in the same subnet - 172.33.1.0/24.

I can access https://172.33.1.251. I see an invitation to download asdm|idm software. But I cannot access the IPS from this software either.

https://supportforums.cisco.com/thread/2172962

Here is the same problem.

I will downgrade the java version on my PC and try to access the IPS from ASDM.

From this link:

-This is one of the issues we have lately seen on the TAC and yes, it is 100% related to the java version on the PC because of the JAVA SSL Client Hello Format.

-Hi Guys, today I solved this issue. The problem is related to the JAVA version. ASDM works ok with java ver 7, but IDM does not work with this java version. I downgraded my java version from 7 to 6 and IDM now launches from ASDM.

Hi Vladimir,

Yups, that is one issue which is seen. Java downgrade should fix this. If not, enable java debug logs and paste those here:

Go to control panel->right click java->Open->Advanced->Check all boxes under debugging and click radio button for show console

Run IDM from browser again and collect the data in java console window and paste it here.

-

Regards,

Sourav Kakkar

Hi, sokakkar!

I will try tomorrow and will let you know about the result.

Thank you for the help!

Hi sokakkar!

I've installed java version 6. Everything is fine, I have access to IPS from ASDM. Thank you for the help!

Hi Vladimir,

Sounds great! You really figured it out yourself!

Please rate the post which provided the solution.

-

Regards,

Sourav Kakkar
