06-18-2013 03:04 PM - edited 03-10-2019 05:59 AM
I have a brand new ASA 5515X.
I sessioned into the sensor from the CLI, gave the sensor a name, applied a password to the account, kept the default IP address of 192.168.1.2 (the ASA management address is 192.168.1.1), changed the time zone and DNS settings, and left everything else at defaults.
However, when I try to contact the sensor using IME (or ASDM) from the management network, I get a message saying sensor cannot be contacted or loaded.
I can't ping the sensor (not sure if this is permitted), but I can ping the management interface on the ASA.
What am I missing here?
below are the details of the module
ENG-ASA-01# sho module ips details
Getting details from the Service Module, please wait...
Card Type: ASA 5515-X IPS Security Services Processor
Model: ASA5515-IPS
Hardware version: N/A
Serial Number: FCH1714JA2C
Firmware version: N/A
Software version: 7.1(4)E4
MAC Address Range: bc16.6520.ca86 to bc16.6520.ca86
App. name: IPS
App. Status: Up
App. Status Desc: Normal Operation
App. version: 7.1(4)E4
Data Plane Status: Up
Status: Up
License: IPS Module Enabled perpetual
Mgmt IP addr: 192.168.1.2
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 192.168.1.1
Mgmt web ports: 443
Mgmt TLS enabled: true
ENG-ASA-01#
Solved! Go to Solution.
06-19-2013 01:36 AM
Hi Colin,
I have a similar issue.
No doubt you've read the world's supply of documentation as well, but I still can't resolve this. My issue is not quite the same but very similar. It's not quite the same as there are different interfaces that have been configured for management.
I thought I might be on to something when I read this, so I hope this may be of use to you:
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml
What I have is ASDM not able to contact the IPS via the IPS button. one thing I have noticed is that when logging is set to info, I get an output saying that Anti-Spoofing denied a packet from A to B etc - I'm looking in to this.
Do you get any similar output?
Cheers
Ali
06-19-2013 01:36 AM
Hi Colin,
I have a similar issue.
No doubt you've read the world's supply of documentation as well, but I still can't resolve this. My issue is not quite the same but very similar. It's not quite the same as there are different interfaces that have been configured for management.
I thought I might be on to something when I read this, so I hope this may be of use to you:
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml
What I have is ASDM not able to contact the IPS via the IPS button. one thing I have noticed is that when logging is set to info, I get an output saying that Anti-Spoofing denied a packet from A to B etc - I'm looking in to this.
Do you get any similar output?
Cheers
Ali
06-20-2013 08:13 AM
confirm if your Computer is in thesame subnet as the management network
Did you configure and access-list?
Can you send your show config for us to see?
06-20-2013 08:29 AM
Well this is weird. I changed the IP of the IPS module to the same subnet as the inside interface in an effort to get into it. That didn't work.
Then I switched it back to the management network, and magically, I was able to ping and get in.
Not sure what happened there.
06-21-2013 05:19 AM
Great!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide