Nothing Displayed on the IPS Dashboard

cisco.bml
Level 1

I have recently installed and initialized the IPS module on an ASA 5520 with the help of Cisco tech support. But I don't see any traffic on the IPS Dashboard. Our previous IPS 4240 shows a lot of hits on its Dashboard. Why is this?

4 Replies

jocamare
Level 4

What version of IDM are you using?

Can you share a screenshot of what you are seeing?

Try to use the latest version of IDM and also try to access the module using a web browser instead of the launcher, in case you are using the launcher.

I have attached the file you requested.

The IDM version is 7.1

Cisco IPS Manager Express 7.2.3

Here below is how I have initialized the IPS module and how I have sent the traffic to the IPS on the ASA 5520.

access-list outside_ips extended permit ip any any
class-map inspection_default
 match default-inspection-traffic
class-map outside-class
 match access-list outside_ips
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
 class outside-class
  ips inline fail-open sensor vs0
!
service-policy global_policy global

I believe with the above configuration I will be able to inspect all traffic that is coming from external to DMZ and from DMZ to inside. The dashboard image, which I have attached, has been like that for a week now. Before I removed our old IPS 4240, I saw lots of traffic/hits on that dashboard (4240), which I believe I should see on this new IPS dashboard as well. This confuses me. I think I am doing this wrong.

Two things we can try.

Try to "rediscover" the sensor.

Basically go to the device list, delete it and add it back.

If that doesn't work, try to reload the server that has the IME software.

julomban
Level 3

Hello,

Something else you can check is the backplane interface. Sometimes the backplane interface is not enabled and the IPS does not process/inspect any data.

You can check the backplane interface by going to Configuration > Policies > right-click on vs0 or vs1 and "check" the interface if it is unchecked.

Below you can see an example:

Hope it helps.

Regards,

Juan Lombana

Please rate helpful posts.
