Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
802
Views
0
Helpful
1
Replies

Cisco ASA IPS module crashes randomly

secureIT
Level 4
Level 4

‎03-29-2016 05:14 AM - edited ‎03-10-2019 06:34 AM

Hi All,

I have an ASA 55xx firewall where ASA-SSM-20 is installed and running with version 7.1(10)E4, device has a valid license as well.
The IPS module is getting rebooted automatically once in 2-3 days, and below are the logs captured during the problem.
Can someone assist in finding the cause and fix for this issue.


signature version:-
==============
Signature Update    S912.0            2016-03-04

From the logs, i got only errSystemError - Card Manager error -1 as a suspected log.

28Mar2016 18:43:28.470 0.612 mainApp[1019] Cid/E errSystemError AppManager::AppManager - Application path does not exist: /usr/cids/idsRoot/bin/switchApp
Begin syslogReader
28Mar2016 18:43:28.612 0.142 mainApp[1019] Cid/E errSystemError MainAppCfg::readRecoveryHostFile - error trying to restore network settings
28Mar2016 18:43:28.638 0.026 mainApp[1019] IdsEventStore/W errWarning -- Event store open archive for input failed [IdsEventStore::Data::Data()]
28Mar2016 18:43:28.638 0.000 mainApp[1019] IdsEventStore/W errWarning -- Event store set to default size [IdsEventStore::Data::Data()]
28Mar2016 18:43:28.643 0.005 mainApp[1019] IdsEventStore/W errWarning Event store circular buffer may be in an invalid state, recovering ... [IdsEventStore::init()]
28Mar2016 18:43:52.373 0.000 logApp[1203] Cid/W Disabled status event logging for status category: controlTransaction
28Mar2016 18:43:53.560 1.187 interface[1205] Cid/W errWarning Inline data bypass has started due to reason unknown.
28Mar2016 18:43:56.494 2.934 sensorApp[1235] sensorApp/W The AIC (application-policy) engine will soon be deprecated and is off by default. The application-policy-enforcement-http signatures won't be built
28Mar2016 18:43:56.539 0.045 collaborationApp[1237] Cid/W Warning - DNS or HTTP proxy is required for global correlation inspection and reputation filtering but no DNS or proxy servers are defined.
Add an HTTP proxy server or DNS server in the 'host' service configuration.
28Mar2016 18:44:05.482 8.943 cidwebserver[1212] tls/W errTransport WebSession::sessionTask TLS connection exception: handshake incomplete.
Messages, like this one, in the category - TLS connection failure - were logged 1 times in the last 0 seconds.
28Mar2016 18:44:35.857 1.452 sensorApp[1235] Cid/W AnalysisEngine reconfiguration complete.
28Mar2016 18:44:35.859 0.002 mainApp[1019] Cid/E errSystemError - Card Manager error -1: cmgr_send_version_msg [F1ControlPlane::checkCmgrResult]
28Mar2016 18:44:35.878 0.019 interface[1205] Cid/W errWarning Inline data bypass has stopped.

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-29-2016 06:26 AM

It could very well be a hardware issue.

Since you have a current IPS subscription service, you must also have TAC support on the hardware as that's a prerequisite on the older type of IPS. So I'd recommend going straight to a TAC case.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card