10-02-2012 12:00 PM - edited 03-10-2019 05:47 AM
I enabled signature 2000 to test request block connection on the ASA, but it isn't working. The device login profile and the connection between the ASA and the AIP-SSM are correct. I see the following error in Event Viewer:
evError: eventId=1297944335862322485 vendor=Cisco severity=error
originator:
hostId: sensor
appName: nac
appInstanceId: 419
time: окт 02, 2012 10:32:55 UTC offset=240 timeZone=GMT+04:00
errorMessage: Attempted to shun Sensor [10.x.x.x] name=errUnacceptableValue
Can you help me?
10-02-2012 11:25 PM
Could you try configuring it directly on the ASA? Does it work then?
What is the software version on the ASA and the IPS module? Could you upgrade to the latest if required?
Regards,
Sawan Gupta
10-03-2012 03:22 AM
Mod Card Type Model
--- -------------------------------------------- ------------------ -----------
0 ASA 5520 Adaptive Security Appliance ASA5520
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20
Mod MAC Address Range Hw Version Fw Version Sw Version
--- --------------------------------- ------------ ------------ ---------------
0 70ca.9b6e.0116 to 70ca.9b6e.011a 2.0 1.0(11)5 8.2(5)
1 001f.ca09.2681 to 001f.ca09.2681 1.0 1.0(11)5 7.0(4)E4
Mod SSM Application Name Status SSM Application Version
--- ------------------------------ ---------------- --------------------------
1 IPS Up 7.0(4)E4
Mod Status Data Plane Status Compatibility
--- ------------------ --------------------- -------------
0 Up Sys Not Applicable
04-23-2013 02:29 AM
There is the following document on Cisco.com:
http://www.cisco.com/image/gif/paws/111001/shun-block-config-ex.pdf
"Connection blocks are not supported by security appliances. Security appliances only support host blocks with optional port and protocol information."
request-block-connection is used to block traffic on Cisco IOS (using ACLs), so it's not applicable to the ASA. On the ASA, use request-block-host instead.