cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
402
Views
0
Helpful
4
Replies
Beginner

Nothing Displayed on the IPS Dashboard

I have recently installed and initialized IPS module on ASA 5520 with help of cisco tec-support. But i dont see any traffic on IPS Dashboard. Our previous IPS 4240 shows alot of hits on its Dashboard. Why is this?

4 REPLIES 4
Enthusiast

Nothing Displayed on the IPS Dashboard

What version of IDM are you using?

Can you share a screenshot of what you are seeing?

Try to use the latest version of IDM and also try to access the module using a web browser instead of the launcher, in case you are using the launcher.

Beginner

Nothing Displayed on the IPS Dashboard

I have attached the file you requested.

The IDM version is 7.1

Cisco IPS Manager Express 7.2.3

Here Below is how i have initalized IPS module and how i have send the traffic to IPS on ASA5520.

access-list outside_ips extended permit ip any any

class-map inspection_default

match default-inspection-traffic

class-map outside-class

match access-list outside_ips

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

class outside-class

  ips inline fail-open sensor vs0

!

service-policy global_policy global

I believe with above configuration i will be able to inspect all traffic that is coming from external to DMZ and from DMZ to inside.The dashboard image, which i have attached is been like that for a week now. Before I removed our old IPS 4240, i see lots of traffic/hits on that dashboard (4240). which i believe i should see on this new IPS dashboard aswel. This makes me confuse. I think i doing this wrong.

Highlighted
Enthusiast

Nothing Displayed on the IPS Dashboard

Two things we can try.

Try to "rediscover" the sensor.

Basically go to the device list, delete it and add it back.

If that doesn't work, try to reload the server that has the IME software.

Participant

Nothing Displayed on the IPS Dashboard

Hello,

Something else you can check is the backplane  interface, soemtimes the backplane interface is not enabled and the IPS  does not process/inspect any data.

You can check the  backplane inteface by going to configuration > policies > right  click on the vs0 or vs1 and "check" the interface if it is uncheck.

Below you can see an example:

Hope it helps.

Regards,

Juan Lombana

Please rate helpful posts.