cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

457
Views
0
Helpful
4
Replies
Highlighted
Beginner

AIP-SSM POSPF not working at all

Hi,

I want to configure the passive os detection on a ASA-SSM10, i tried to configure from IDM from CLI but still no results. The Learned OS window is empty.

CLI output:

os-identification

-----------------------------------------------

calc-arr-for-ip-range: 0.0.0.0-255.255.255.255 default: 0.0.0.0-255.255.255.255

configured-os-map (ordered min: 0, max: 50, current: 0 - 0 active, 0 inactive)

-----------------------------------------------

passive-traffic-analysis: Enabled default: Enabled

-----------------------------------------------

sh os-identification vs0 learned

No mappings available for the requested parameters.

The IPS version is 6.0(3)E1.

Any ideas?

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

There is a known issue with Passive OS Fingerprinting on the SSMs.

CSCsi52422

The problem has been fixed and will be available in an upcoming 6.0(4) Service Pack.

View solution in original post

4 REPLIES 4
Highlighted
Cisco Employee

Your configuration is OK, I have the exact same in mine and OS learning is working fine. Are you sure your SSM is seeing traffic from the ASA, have you set up a service policy to direct traffic to it?

Do "sho service-policy" on the ASA and make sure it is actually sending data to the SSM.

Highlighted

Hi

Yes, all traffic is redirected to SSM, with a permit any class map.

The signature detection is working fine, I have problem only with the OS learning.

Highlighted

There is a known issue with Passive OS Fingerprinting on the SSMs.

CSCsi52422

The problem has been fixed and will be available in an upcoming 6.0(4) Service Pack.

View solution in original post

Highlighted

Thanks

Content for Community-Ad