Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1877
Views
15
Helpful
7
Replies

ASA5585-SSP-IPS40 Inspection Load 0 with Missed Packets at 50% or more

Go to solution
krussell
Level 1
Level 1

‎11-28-2012 12:41 PM - edited ‎03-10-2019 05:50 AM

The IPS40 is showing missed packets yet the Inspection Load remains at 0.

Two questions.

1. What would cause Missed Packets and is there a "best" method to troubleshot the situation?

2. Why does the Inspection Load remain at 0?

vs0 is currently assigned to PortChannel0/0 (Backplane interface)

Thanks,

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kyle Bolton
Cisco Employee
Cisco Employee

‎01-25-2013 08:43 AM

Theres a known bug in 7.1.6 that causes this.

CSCud36621

Rebooting the sensor will fix it for a period of time. Fix is scheduled in 7.1.7

Bookmark it, we can blow it up later.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-28-2012 05:49 PM

Hello Kevin,

Importan to let you know that for missed packets the IPS count packets being dropped byL2errors and oversupscription.

Based on the load being on 0 I would say it would make sense to think about L2 errors, is there a way you could doble check the layer 2 connectivity between them.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
krussell
Level 1
Level 1
In response to Julio Carvajal

‎12-18-2012 11:45 AM

The IPS and Firewall are connected through PortChannel0/0. Not sure how you can check L2 connectivity on a backplane connection. Any ideas?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to krussell

‎12-18-2012 12:26 PM

Hello Kevin,

What version are you running

Also share the following:

show stat virt

show int

Also over the show tech look the following :

exec: cat /proc/net/cisco/cids-shared.info

And let me know the free buffer percentage you see there

Regards,

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
krussell
Level 1
Level 1
In response to krussell

‎12-20-2012 11:05 AM

jcarvaja,

Attached is the information you requested. Let me know if you need anything else. Thanks for your help!

Kevin

140312-CiscoForumReply.txt.zip
0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to krussell

‎12-26-2012 05:25 PM

Hello Kevin,

On the show tech I do not see the missed packet percentage on 50 % or any other value than 0

Can you double check that please

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
krussell
Level 1
Level 1
In response to Julio Carvajal

‎01-24-2013 07:59 AM

jcarvaja,

Having just witnessed another indication form the Sensor Health gadget that packets were being missed, I again ran the commands you suggested with a result of 0 missed packets in the output. Is it possible the Sensor Health gadget is reporting false indications?

Thanks,

Kevin

0 Helpful

Go to solution
Kyle Bolton
Cisco Employee
Cisco Employee

‎01-25-2013 08:43 AM

Theres a known bug in 7.1.6 that causes this.

CSCud36621

Rebooting the sensor will fix it for a period of time. Fix is scheduled in 7.1.7

Bookmark it, we can blow it up later.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card