02-17-2009 10:01 AM - edited 03-10-2019 04:30 AM
Having problem with TLS connection from controller to AIP-SSM. The response cide from IPS to the controller suppose to be 0 but I am getting 35.
TLS fingerprint matches between AIP-SSM and configuration on the controller. And connectivity is good between Controller and AIP-SSM and the time is sync between the two also.
AIP-SSM is Version 6.0(4)
Error log from AIP-SSM:
evError: eventId=1221057394278884465 vendor=Cisco severity=error
originator:
hostId: labips
appName: cidwebserver
appInstanceId: 393
time: February 13, 2009 1:58:39 PM UTC offset=0 timeZone=GMT-08:00
errorMessage: WebSession::sessionTask TLS connection exception: handshake incomplete. name=errTransport
(Cisco Controller) >debug wps cids enable
*Feb 13 14:24:50.982: cidsSdeeCallback is called
*Feb 13 14:24:50.983: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:24:50.983: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:24:50.983: curlHandle is c6facec
*Feb 13 14:24:50.983: Perform on curlHandle c6facec ...
*Feb 13 14:24:50.990: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:24:50.990: Cert fingerprint verified
*Feb 13 14:24:50.995: Response code is 35
*Feb 13 14:25:00.565: cidsSdeeCallback is called
*Feb 13 14:25:00.565: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:25:00.565: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:25:00.566: curlHandle is c6facec
*Feb 13 14:25:00.566: Perform on curlHandle c6facec ...
*Feb 13 14:25:00.572: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:25:00.573: Cert fingerprint verified
*Feb 13 14:25:00.577: Response code is 35
*Feb 13 14:25:10.145: cidsSdeeCallback is called
*Feb 13 14:25:10.146: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:25:10.146: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:25:10.146: curlHandle is c6facec
*Feb 13 14:25:10.146: Perform on curlHandle c6facec ...
*Feb 13 14:25:10.153: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:25:10.153: Cert fingerprint verified
*Feb 13 14:25:10.158: Response code is 35
*Feb 13 14:25:19.743: cidsSdeeCallback is called
*Feb 13 14:25:19.743: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:25:19.743: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:25:19.744: curlHandle is c6facec
*Feb 13 14:25:19.744: Perform on curlHandle c6facec ...
*Feb 13 14:25:19.750: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:25:19.751: Cert fingerprint verified
*Feb 13 14:25:19.755: Response code is 35
02-17-2009 10:06 AM
p.s Controller release is 5.2
02-17-2009 02:37 PM
Did you run the "TLS Trusted Host" command on the module?
02-17-2009 02:40 PM
Yes
02-17-2009 02:41 PM
did all the steps on the AIP-SSM and on the controller per the configuration guide
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide