
ASA5585-SSP-IPS10 goes down when I send traffic to it.

s.ahmadi631
Level 1

Hi, I have two ASA5585-SSP-10 with two ASA5585-SSP-IPS10. I configured the two ASAs as active/standby. When I try to send all traffic to the IPS, after a while, my IPS's AnalysisEngine state becomes notRunning.

Here is part of the show version output:

 Cisco Intrusion Prevention System, Version 7.1(1)E4

 MainApp   S-SPYKER_2011_MAR_03_00_29_7_1_0_399   (Release)   2011-03-03T00:33:03-0600   Running
 AnalysisEngine   S-SPYKER_2011_MAR_03_00_29_7_1_0_399   (Release)   2011-03-03T00:33:03-0600   NotRunning
 CollaborationApp  S-SPYKER_2011_MAR_03_00_29_7_1_0_399   (Release)   2011-03-03T00:33:03-0600   Running
 CLI  S-SPYKER_2011_MAR_03_00_29_7_1_0_399   (Release)   2011-03-03T00:33:03-0600

 

Could you help me to solve the problem?

Best regards

Accepted Solution

Akshay Rastogi
Cisco Employee

Hi,

Please share the output of 'main.log' (search this from the 'show tech' of IPS).

Also, if you wish, you could upgrade the IPS to the latest version, as the current 7.1.(1) E4 is a very old version and it might be hitting some defects as well.

 

Regards,

Akshay Rastogi 


Thank you for your response.

As you requested, I have shared the 'show tech' output in txt format. I used PuTTY and the 'show tech-support' command and tried to save it as a text file. I hope it will be informative for solving my problem.

Also, I bought these devices (two ASAs and two IPSs) about 7 months ago. The current 7.1.(1) E4 IPS IOS was on my IPSs by default. It would be very helpful if I had some information about the latest IPS IOS version and how to upgrade to it.

Best regards.

 

Hi,

From the show tech I could see that a signature update was performed on the dates below:

* IPS-sig-S888-req-E4       12:50:01 UTC Tue Oct 06 2015
  IPS-sig-S889-req-E4.pkg   11:50:01 UTC Sat Oct 10 2015

Also, I could see that global correlation is failing a lot and has not been working for a long time:

 

Output from show statistics global-correlation

Network Participation:
   Counters:
      Total Connection Attempts = 0
      Total Connection Failures = 0
      Connection Failures Since Last Success = 0
   Connection History:
Updates:
   Status Of Last Update Attempt = Failed
   Time Since Last Successful Update = 2671 minutes
   Counters:
      Update Failures Since Last Success = 533
      Total Update Attempts = 1379
      Total Update Failures = 543
   Update Interval In Seconds = 300
   Update Server = update-manifests.ironport.com
   Update Server Address = Unknown
   Current Versions:
      config = 1236210407
      drop = 1445070439
      ip = 1445073547
      rule = 1445066948

 

14Oct2015 12:12:06.080 0.000 sensorApp[30782] Syslog/F cidAssert: Condition failed: (allThreadsRunning == true),  Exiting due to unexpected thread exit (FILE: /view/ipsbuild-spyker/vob/csids_3/dev/apps/sensorApp/SensorApp.

14Oct2015 12:12:06.081 0.000 sensorApp[30782] Syslog/F errSystemError threadStart catch(CIDS logic exception) cidAssert: Condition failed: (allThreadsRunning == true),  Exiting due to unexpected thread exit (FILE: /view/ip

14Oct2015 12:12:07.337 835.393 mainApp[30431] Cid/W errWarning AppManager::ApplicationEntry::updateProcessStatus - Application "AnalysisEngine " terminated by request

14Oct2015 12:12:07.337 0.000 mainApp[30431] Cid/W errWarning - Sensor stopped normally

14Oct2015 12:18:24.541 377.204 collaborationApp[30836] rep/E A global correlation update failed: ExecLoadCollabUpdate control transaction failed: Unknown control transaction name

Try fixing global correlation on the IPS and then check if the issue resolves (try resetting the module as well).

Find the link below to fix global correlation:

http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/idm/idmguide7/idm_collaboration.html

 

I believe the latest image for this model is 7.3.4 E4:

IPS-SSP_10-K9-7.3-4-E4.pkg

http://www.cisco.com/c/en/us/td/docs/security/ips/7-3/release/notes/release7-3-4.html

 

I would also recommend having a case open with TAC during the upgrade.

 

Regards,

Akshay Rastogi
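
An added example, not part of the thread and not Cisco tooling: a Python triage pass over the main.log lines and global-correlation counters quoted above, flagging a sensorApp fatal assert that is followed within seconds by AnalysisEngine termination. The field layout, the reading of the letters F, W and E as severities, the 5-second window and the finding names are assumptions inferred from the excerpt; the sample data is constructed from the thread's lines, shortened.

```python
import re
from datetime import datetime

# Constructed sample: main.log lines and counters shortened from the thread above.
SAMPLE_LOG = """\
14Oct2015 12:12:06.080 0.000 sensorApp[30782] Syslog/F cidAssert: Condition failed: (allThreadsRunning == true),  Exiting due to unexpected thread exit
14Oct2015 12:12:07.337 835.393 mainApp[30431] Cid/W errWarning AppManager::ApplicationEntry::updateProcessStatus - Application "AnalysisEngine " terminated by request
14Oct2015 12:12:07.337 0.000 mainApp[30431] Cid/W errWarning - Sensor stopped normally
14Oct2015 12:18:24.541 377.204 collaborationApp[30836] rep/E A global correlation update failed: ExecLoadCollabUpdate control transaction failed: Unknown control transaction name
"""
SAMPLE_STATS = """\
   Status Of Last Update Attempt = Failed
   Time Since Last Successful Update = 2671 minutes
      Update Failures Since Last Success = 533
"""

# Assumed layout (inferred from the excerpt): timestamp, delta, process[pid], facility/severity, message.
LINE_RE = re.compile(r"^(\d{2}[A-Za-z]{3}\d{4} \d\d:\d\d:\d\d\.\d{3}) \S+ (\w+)\[(\d+)\] (\w+)/([A-Z]) (.*)$")

def parse_main_log(text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, proc, pid, _fac, sev, msg = m.groups()
            events.append({"time": datetime.strptime(ts, "%d%b%Y %H:%M:%S.%f"),
                           "proc": proc, "pid": int(pid), "sev": sev, "msg": msg})
    return events

def parse_stats(text):
    """Turn 'Name = value' lines from 'show statistics global-correlation' into a dict."""
    return {k.strip(): v.strip() for k, v in
            (l.split(" = ", 1) for l in text.splitlines() if " = " in l)}

def triage(log_text, stats_text, window_s=5):
    """Flag a sensorApp 'F' line followed by AnalysisEngine termination, and failing updates."""
    findings, events, stats = [], parse_main_log(log_text), parse_stats(stats_text)
    fatals = [e for e in events if e["proc"] == "sensorApp" and e["sev"] == "F"]
    for e in events:
        if "AnalysisEngine" in e["msg"] and "terminated" in e["msg"]:
            if any(0 <= (e["time"] - f["time"]).total_seconds() <= window_s for f in fatals):
                findings.append("analysis-engine-crash")
    if any(e["proc"] == "collaborationApp" and e["sev"] == "E" for e in events):
        findings.append("global-correlation-update-error")
    missed = int(stats.get("Update Failures Since Last Success", "0"))
    if stats.get("Status Of Last Update Attempt") == "Failed" and missed > 0:
        findings.append(f"global-correlation-stale:{missed}-failed-attempts")
    return findings
```

Call `triage()` with the text of main.log and the `show statistics global-correlation` output saved from the sensor; an empty list means none of the three patterns matched.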

 

 
