09-11-2013 07:02 AM - edited 03-10-2019 06:03 AM
Hello!
I cannot access the ASA IPS module.
I try from ASDM: Configuration->IPS. I type the username and password and see the following message: "Error connecting to sensor. Error loading sensor"
Could you please help me to correct my config?
I have a network topology like this:
http://www.cisco.com/image/gif/paws/113690/ips-config-mod-01.gif
My config:
KR-ASA# sh run int gig 0/5
!
interface GigabitEthernet0/5
nameif Inside
security-level 100
ip address 172.33.1.253 255.255.255.0 standby 172.33.1.254
!
interface Management0/0
management-only
no nameif
security-level 0
no ip address
!
KR-ASA# sh module ips details
App. name: IPS
App. Status: Up
App. Status Desc: Normal Operation
App. version: 7.1(4)E4
Data Plane Status: Up
Status: Up
License: IPS Module Enabled perpetual
Mgmt IP addr: 172.33.1.251
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 172.33.1.253
Mgmt Access List: 172.33.1.0/24
Mgmt Access List: 172.34.1.0/24
Mgmt web ports: 443
Mgmt TLS enabled: true
!
KR-ASA# ping 172.33.1.251
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.33.1.251, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
Thank you!
09-11-2013 11:11 AM
Hi Vladimir,
Here is how packets are going to flow:
- From management machine to IPS
- IPS will reply directly to the mgmt machine if it is in the same subnet as the IPS.
- IPS will reply through its DG, which is the ASA in this case, if the mgmt machine is not in the same subnet as the IPS, and in that case appropriate config would be needed on the ASA.
Are you able to ping IPS from mgmt machine?
Check this link and see which scenario suits you (possibly 1):
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml
Once the necessary config is done, and in case you get problems while accessing the IPS from ASDM, try the following from the same machine:
Open a browser and go to: https://172.33.1.251
HTH.
-
Regards,
Sourav Kakkar
09-11-2013 11:24 AM
Hello, sokakkar!
Thank you for the reply!
Yes, scenario 1 is mine.
I can ping the IPS from my PC and from the ASA. ASA gig 0/5 and the IPS are in the same subnet - 172.33.1.0/24.
I can access https://172.33.1.251. I see an invitation to download the asdm|idm software. But I cannot access the IPS from this software either.
https://supportforums.cisco.com/thread/2172962
Here is the same problem.
I will downgrade the Java version on my PC and try to access the IPS from ASDM.
From this link:
- This is one of the issues we have lately seen on the TAC and yes, it is 100% related to the Java version on the PC because of the Java SSL Client Hello format.
- Hi guys, today I solved this issue. The problem concerns the Java version. ASDM works OK with Java ver 7, but IDM does not work with this Java version. I downgraded my Java version from 7 to 6 and IDM now launches from ASDM.
09-11-2013 11:41 AM
Hi Vladimir,
Yups, that is one issue which is seen. Java downgrade should fix this. If not, enable java debug logs and paste those here:
Go to control panel->right click java->Open->Advanced->Check all boxes under debugging and click radio button for show console
Run IDM from browser again and collect the data in java console window and paste it here.
-
Regards,
Sourav Kakkar
09-11-2013 11:52 PM
Hi, sokakkar!
I will try tomorrow and will let you know about the result.
Thank you for the help!
09-13-2013 05:35 AM
Hi sokakkar!
I've installed java version 6. Everything is fine, I have access to IPS from ASDM. Thank you for the help!
09-13-2013 07:24 AM
Hi Vladimir,
Sounds great! You really figured it out yourself!
Please rate the post which provided the solution.
-
Regards,
Sourav Kakkar