Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1008
Views
0
Helpful
1
Replies

ASA5505 un-responsive after installing ASA-SSC-AIP-5 IPS module

n-russell-biggie
Level 1
Level 1

‎07-17-2012 05:43 AM - edited ‎03-10-2019 05:43 AM

Hello,

Can anyone help?

I have a pair of ASA 5505 firewalls in a failover configuration. Everything works correctly until I install the IPS module into the secondary firewall. When install I can no longer ping the firewall from the inside network. We do not have an external network set up at present.

I have connected to the secondary firewall via the console. Issues the command "session 1" and can then get to the IPS. I have set the IPS hostname and given it an address on the interal network. I have set the ACL on the IPS to permit the inside range.

The results are that we are unable to reach the ASA or the IPS on the internal range. The primary firewall is no longer able to ping the inside address of the secondary firewall. As soon as I remove the IPS modue all returns to normal. Im not sure what would be causing this. If anyone can tell me where they think I went wrong that would be great.

Thanks

Labels:
0 Helpful
1 Reply 1

rleivaoc
Cisco Employee
Cisco Employee

‎08-15-2012 07:31 PM

This sounds like a IP issue some where on the ASA, or IPS module. Did you run a capture on the ASA, and the IPS module to see if the respones are arriveing? On the issue, you can use the "capture interface " on the ASA, and the "packet display expression host ". This will help you determin if there is a ARP, or some other IP related issue on the network.

I hope this helps,

Rafael

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card