Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
815
Views
5
Helpful
4
Replies

Cannot get into sensor from IME or ASDM

Go to solution
Colin Higgins
Level 2
Level 2

‎06-18-2013 03:04 PM - edited ‎03-10-2019 05:59 AM

I have a brand new ASA 5515X.

I sessioned into the sensor from the CLI, gave the sensor a name, applied a password to the account, kept the default IP address of 192.168.1.2 (the ASA management address is 192.168.1.1), changed the time zone and DNS settings, and left everything else at defaults.

However, when I try to contact the sensor using IME (or ASDM) from the management network, I get a message saying sensor cannot be contacted or loaded.

I can't ping the sensor (not sure if this is permitted), but I can ping the management interface on the ASA.

What am I missing here?

below are the details of the module

ENG-ASA-01# sho module ips details

Getting details from the Service Module, please wait...

Card Type:          ASA 5515-X IPS Security Services Processor

Model:              ASA5515-IPS

Hardware version:   N/A

Serial Number:      FCH1714JA2C

Firmware version:   N/A

Software version:   7.1(4)E4

MAC Address Range:  bc16.6520.ca86 to bc16.6520.ca86

App. name:          IPS

App. Status:        Up

App. Status Desc:   Normal Operation

App. version:       7.1(4)E4

Data Plane Status:  Up

Status:             Up

License:            IPS Module  Enabled  perpetual

Mgmt IP addr:       192.168.1.2

Mgmt Network mask:  255.255.255.0

Mgmt Gateway:       192.168.1.1

Mgmt web ports:     443

Mgmt TLS enabled:   true

ENG-ASA-01#

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ali-franks
Level 1
Level 1

‎06-19-2013 01:36 AM

Hi Colin,

I have a similar issue.

No doubt you've read the world's supply of documentation as well, but I still can't resolve this. My issue is not quite the same but very similar. It's not quite the same as there are different interfaces that have been configured for management.

I thought I might be on to something when I read this, so I hope this may be of use to you:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml

What I have is ASDM not able to contact the IPS via the IPS button. one thing I have noticed is that when logging is set to info, I get an output saying that Anti-Spoofing denied a packet from A to B etc - I'm looking in to this.

Do you get any similar output?

Cheers

Ali

View solution in original post

4 Replies 4

Go to solution
ali-franks
Level 1
Level 1

‎06-19-2013 01:36 AM

Hi Colin,

I have a similar issue.

No doubt you've read the world's supply of documentation as well, but I still can't resolve this. My issue is not quite the same but very similar. It's not quite the same as there are different interfaces that have been configured for management.

I thought I might be on to something when I read this, so I hope this may be of use to you:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml

What I have is ASDM not able to contact the IPS via the IPS button. one thing I have noticed is that when logging is set to info, I get an output saying that Anti-Spoofing denied a packet from A to B etc - I'm looking in to this.

Do you get any similar output?

Cheers

Ali

Go to solution
smetieh001
Level 1
Level 1
In response to ali-franks

‎06-20-2013 08:13 AM

confirm if your Computer is in thesame subnet as the management network

Did you configure and access-list?

Can you send your show config for us to see?

0 Helpful

Go to solution
Colin Higgins
Level 2
Level 2
In response to ali-franks

‎06-20-2013 08:29 AM

Well this is weird. I changed the IP of the IPS module to the same subnet as the inside interface in an effort to get into it. That didn't work.

Then I switched it back to the management network, and magically, I was able to ping and get in.

Not sure what happened there.

0 Helpful

Go to solution
smetieh001
Level 1
Level 1
In response to Colin Higgins

‎06-21-2013 05:19 AM

Great!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card