I have two questions that I would like some help with please.
I am trying to log onto our ASA-SSM-10 IPS sensor via the Cisco IME client and I get the following error "Exception when initializing the SSL"
I have tried generating new SSL keys on the ASA-SSM-10 with the tls generate-key command but this has not helped.
Can anyone advise on how to resolve this problem?
The second question I had was is it possible to use the Cisco IME client to monitor remote sensors? In other words we have two sites and each site has a pair of SSM-10 sensors and we are currently managing them via the Cisco IME client on each site. Can we use either IME client on either site to see all four sensors?
Thanks in advance for your time
To answer your questions:
1. This is sometimes seen when the connection between the IME system and the sensor traverses a proxy server, or if IME is not run as an administrative user.
2. IME can monitor any sensor to which it has constant connectivity, so it should be possible to monitor all four sensors from a single IME system. Things to keep in mind:
Thanks for the reply... issue one was resolved by re-installing the client and Java.
With regards to issue 2... There is no VPN etc. between the two sites and the link is definitely up... When I try to add the opposite site's sensors to the IME client I get the error "IOException when try to get certificate: connect timed out"
Any ideas what this might be?
EDIT: I have just noticed that the two sites are running different IPS software versions... one site is running 7.0(4)E4 on the IPS and the other site is running 6.0(6)E3... Both sites are running 8.2(1)11 on the ASAs though...
Can you connect to the remote sensor via IDM (the built-in GUI):
Other things to check:
Hi Scott thanks for the quick reply
I cannot get to the sensor via https remote as you suggested and I've checked the firewall and it's deffo letting https through so not the firewall and not any network outage/connectivity either...
How can I check that the remote sensor's access-list allows the IME station's IP address? I am currently logged onto the sensor via the local IME client...
Within IME navigate to:
Configuration>Sensor Setup>Allowed Hosts/Networks
You will see a list of allowed networks/hosts.
Yes, the networks are allowed so it's not the sensor blocking it either.
Could the difference in software between the two sites and their sensors play a part? I've noticed that one site is running 6.0 and the other site is running the latest 7.0 on the sensors.
What version of IME is being used?
IME 7.0 can monitor IPS 6.0 sensors, but cannot perform configuration.
IME 6.0 cannot monitor/manage IPS 7.0 sensors.
Is there any sort of proxy server between the IME system and the remote sensors?
That you cannot connect using IDM (via the https method) indicates a connectivity issue between the IME system and the remote IPS. You will need to troubleshoot the connection between the two devices. You may need to perform packet captures at various points along the path to verify the expected traffic is passing each point.
You can make use of the IPS CLI's packet display command to monitor incoming connections from your remote system:
sensor# packet display gigabitethernet0/0 expression port 443
You may want to include only the IP address of the IME system to eliminate the local IME connections from the output. Use ctrl-c or q to exit the packet display.
Thanks for that....
I ran the command and then I attempted to add the sensor that I ran the command on, to the remote IME client...
I deffo saw the entry in the command output
19:08:54.587530 IP 172.xx.xxx.xxx.56336 > 172.xx.xxx.xxx.443: S 2155760626:2155760626(0) win 8192
The first address is the host on site A which has the IME client and the second address is of the IPS sensor on site B that I ran the command on...
Hope that makes sense but none of that output makes any sense to me....
From the looks of it the sensor is deffo seeing the connection on port 443 from the remote IME client but just for some reason it won't connect.
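Added example, not part of any post above: one way to read "packet display" output like the line quoted in the thread is to group the packets per connection and see how far each TCP handshake got. The sample lines are constructed (documentation addresses, old-style tcpdump format as in the quoted line), and classify_flows and its state names are hypothetical.

```python
import re
from collections import defaultdict

# Old-style tcpdump line: "time IP src.port > dst.port: FLAGS rest"
LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+)(.*)$")

def classify_flows(lines, port=443):
    """Return {(client_ip, client_port, sensor_ip): state} for connections to port."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                          # not a TCP packet line
        src, sport, dst, dport, flags, rest = m.groups()
        has_ack = " ack " in rest
        if int(dport) == port:                # client -> sensor
            key = (src, int(sport), dst)
            if "S" in flags and not has_ack:
                seen[key].add("syn")
            elif has_ack and "R" not in flags:
                seen[key].add("ack")
        elif int(sport) == port:              # sensor -> client
            key = (dst, int(dport), src)
            if "R" in flags:
                seen[key].add("rst")
            elif "S" in flags and has_ack:
                seen[key].add("synack")
    result = {}
    for key, ev in seen.items():
        if "syn" not in ev:
            result[key] = "no_syn_captured"    # capture started mid-connection
        elif "rst" in ev:
            result[key] = "refused"            # sensor answered with a reset
        elif "synack" not in ev:
            result[key] = "syn_unanswered"     # request arrived, no reply seen here
        elif "ack" not in ev:
            result[key] = "synack_unanswered"  # reply sent, client never completed
        else:
            result[key] = "established"
    return result

# Constructed sample: a remote client retrying its SYN, and a local client connecting.
SAMPLE = """\
19:08:54.587530 IP 192.0.2.10.56336 > 198.51.100.20.443: S 2155760626:2155760626(0) win 8192
19:08:57.590112 IP 192.0.2.10.56336 > 198.51.100.20.443: S 2155760626:2155760626(0) win 8192
19:09:10.100000 IP 198.51.100.21.51000 > 198.51.100.20.443: S 100:100(0) win 8192
19:09:10.100200 IP 198.51.100.20.443 > 198.51.100.21.51000: S 900:900(0) ack 101 win 5840
19:09:10.100900 IP 198.51.100.21.51000 > 198.51.100.20.443: . ack 901 win 8192
""".splitlines()

if __name__ == "__main__":
    for flow, state in classify_flows(SAMPLE).items():
        print(flow, state)
```

A flow reported as syn_unanswered means the forward path works and no reply was seen on the captured interface, which points the next checks at the sensor itself and at the return path toward the client.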