Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1037
Views
0
Helpful
8
Replies

ASA 5505 without IPS can't remove some IPS configurations

wonder-cisco
Level 1
Level 1

‎12-06-2012 05:09 AM - edited ‎03-11-2019 05:33 PM

Hello,

I have an ASA 5505 without any IPS module.

While copy/pasting some configurations from another 5510 with IPS I copied my mistake the some of the IPS configurations part. Now I can't remove it.

When ASA starts I get this Warning:

...WARNING> IPS policy is configured without an SSM card.

*** Output from config line 828, "  ips inline fail open"

Those lines are:

policy-map Outside_Policy

     class IPS_class

          ips inline fail-open

When I try to do "no ips inline fail-open" I get an "invalid input detected".

If I try a no class IPS_class I get that is being in use.

What can I do to clean up those lines?

Many Thanks.

Labels:
0 Helpful
8 Replies 8

julomban
Level 3
Level 3

‎12-06-2012 05:13 AM

Hello Sergio,

Can you remove the service policy first and then the class? You can issue the show run service-policy command and remove the one called "Outside_Policy".

Let me know if after that you are able to remove the class.

Regards,

Juan Lombana

Please rate helpful posts.

0 Helpful

wonder-cisco
Level 1
Level 1
In response to julomban

‎12-06-2012 05:31 AM

I get "Outside_Policy is being used and hence cannot be removed".

0 Helpful

julomban
Level 3
Level 3
In response to wonder-cisco

‎12-06-2012 05:36 AM

Hello Sergio,

Can you share the show run output from your ASA?

Regards.

Juan Lombana

Please rate helpful posts.

0 Helpful

wonder-cisco
Level 1
Level 1
In response to julomban

‎12-06-2012 06:16 AM

Hi!, i've attached the output.

139544-putty.log.zip
0 Helpful

julomban
Level 3
Level 3
In response to wonder-cisco

‎12-06-2012 06:26 AM

Sergio,

You already try the command below right?

policy-map Outside_Policy

no class IPS_class

My guessing is that process is stuck on the FW and you may need to reload the unit.

Go ahead and reload the ASA appliance and let us know if after the reload the command is still on the config or if you can remove them.

Regards,

Juan Lombana

Please rate helpful posts.

0 Helpful

wonder-cisco
Level 1
Level 1
In response to julomban

‎12-06-2012 06:38 AM

Thank you very much for your help.

Unfortuntally, keep stucked. Firewall is not into production yet and I did a coulple of reloads so far.

0 Helpful

wonder-cisco
Level 1
Level 1
In response to wonder-cisco

‎12-06-2012 07:25 AM

Ok, I've fixed by doing a backup/restore without those 3 lines...

Many thanks for your help.

0 Helpful

julomban
Level 3
Level 3
In response to wonder-cisco

‎12-06-2012 07:41 AM

Sergio,

Good to know that, it make sense if you have a old config saved.

Regard,

Juan Lombana

Please rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card