Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1728
Views
0
Helpful
3
Replies

IPS (SSM-20) on ASA 5540 gets unresponsive everyday!

Stephano Mwendo
Level 1
Level 1

‎10-24-2013 08:31 AM - edited ‎03-10-2019 06:04 AM

Hello,

I have this problem with AIP SSM-20 on ASA 5540 that everyday in the morning I find it in unresponsive state.

IPS comes up when I issue hw-module 1 reset command. This has been so annoying and I still have not established what causes this.

I was using 60 day demo license that  has currently  expired but according to Cisco documentation the sensor should work perfectly only the signature updates will not happen. Besides the problem was occuring even before the lisence expired.

ASA IOS image is  asa825-k8.bin and here is the output of IPS TAC info;



TAC Contact Information

URL:http://www.cisco.com/public/support/tac/home.shtml/

Phone:1 (800) 553-2447

Sensor up-time is 2:40.

Platform: ASA-SSM-20

Booted Partition: application

Partition: application

  Build Version: 7.0(2)E4

  Host:

    Realm Keys      key1.0

  Signature Definition:

    Signature Update      S742.0    2013-09-17

  Os Version: 2.4.30-IDS-smp-bigphys

  Applications

    MainApp

      B-BEAU_2009_OCT_15_08_07_7_0_1_111  2009-10-15T08:09:06-0500  ipsbuild

      Execution State: running

    AnalysisEngine

      BE-BEAU_E4_2010_MAR_25_02_09_7_0_2  2010-03-25T02:11:05-0500  ipsbuild

      Execution State: running

    CollaborationApp

      B-BEAU_2009_OCT_15_08_07_7_0_1_111  2009-10-15T08:09:06-0500  ipsbuild

      Execution State: running

  Installed Upgrades

    Upgrade name: IPS-sig-S737-req-E4

    Time Installed: August 23, 2013 12:35:04 PM

    Upgrade name: IPS-sig-S742-req-E4.pkg

    Time Installed: September 23, 2013 12:13:55 PM

  Next Downgrade:

Partition: recovery

Build Version: 1.1 - 7.0(2)E4

PEP Udi Module

  description ASA 5500 Series Security Services Module-20

  pid ASA-SSM-20

  vid V03

  sn JAF1535CKBB

Memory usage

  usedBytes=1022537728

  freeBytes=1071063040

  totalBytes=2093600768

Disk usage

  system is using 17.4M out of 38.5M bytes of available disk space (45% usage)

  application-data is using 47.1M out of 166.8M bytes of available disk space (30% usage)

  boot is using 41.6M out of 68.6M bytes of available disk space (64% usage)

  application-log is using 123.5M out of 513.0M bytes of available disk space (24% usage)

Please help.

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎10-25-2013 04:36 PM

Hello Stephano,

Certainly not a nice time you are having with the AIP-SSM but I have seen this in the past and I would recommend to do a re-image to the AIP-SSM and keep an eye on it

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Luis Silva Benavides
Cisco Employee
Cisco Employee
In response to Julio Carvajal

‎10-25-2013 05:03 PM

Hi Stephano,

There a known issues with memory handleling and signature updates on versions pre-7.0.8.

As Julio said re-image to the latest

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful

Stephano Mwendo
Level 1
Level 1
In response to Julio Carvajal

‎11-04-2013 02:31 AM

Thanks Julio I will do that and let you know.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card