
Error connecting to sensor. Error loading sensor

rebelscum
Beginner

Hi, this might be a basic question but I would appreciate any help at all.

I have an ASA 5510 with an SSM-10 module. The firewall is all working fine, but I still haven't managed to log in to the IPS module; I keep getting the error

"Error connecting to sensor. Error loading sensor".

I believe the username + pw will be the default cisco pw (they should be, I have gone to Tools > IPS password reset). I just want to verify what the IP address of the IPS module would be. [I have previously changed my management port to 192.168.2.1].

Also, where exactly should the SSM-10 Ethernet port be connected, physically? The management port or a switch on my LAN? Or do I activate one of the spare interfaces & connect it to one of those? Sorry, just a bit confused.


Arsen Gharibyan
Beginner

Hello. 1st, you need to connect the interface on the IPS (management only) to your switch and have proper routing if it uses a different subnet (other than your LAN).

2. To identify the IP address, do the following:

ASA# show module 1 detail --- it will show all configuration

3. Log in through the CLI to test the password:

ASA# session 1

Thanks very much for your reply, CLI entries below:

Result of the command: "show module 1 detail"

Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-10
Model:              ASA-SSM-10
Hardware version:   1.0
Firmware version:   1.0(11)5
Software version:   7.0(2)E4
App. name:          IPS
App. Status:        Up
App. Status Desc:
App. version:       7.0(2)E4
Data plane Status:  Up
Status:             Up
Mgmt IP addr:       192.168.1.2
Mgmt Network mask:  255.255.255.0
Mgmt Gateway:       192.168.1.1
Mgmt web ports:     443
Mgmt TLS enabled:   true

- - - - - - - - - - - - - - - -

& when I enter 'session 1' this is what I get:

Result of the command: "session 1"

Opening command session with slot 1.
Connected to slot 1. Escape character sequence is 'CTRL-^X'.
Command session with slot 1 terminated.
Remote card closed command session. Press any key to continue.

- - - - - - -  -- - - - - - - - - -

When I first set up the firewall I changed the default management port interface from 192.168.1.1 to 192.168.2.1 because our VoIP network is already using 192.168.1.1. However, to test if this could be related to the problem, I enabled the spare interface & configured it as '192.168.1.1'. I could log in to ASDM but couldn't get to IPS.

It sounds like your AIP-SSM is sick. It shouldn't reject a "session 1" connection via the backplane (ASA's CLI).

Check the status of your AIP-SSM with a "show module 1" from the ASA CLI. It should look similar to what's shown below. If the module status is not "Up", you can reset, reload, recover or reimage it.

http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clissm.html#wp1034193

- Bob

ASA# show module 1

Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   1 ASA 5500 Series Security Services Module-10  ASA-SSM-10         JAF5551111

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   1 001a.xxxx.xxxx to 001a.xxxx.xxxx  1.0          1.0(11)2     7.1(6)E4

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
   1 IPS                            Up               7.1(6)E4

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   1 Up                 Up

The only way to change the IP address is to log in to the IPS module.

If your IPS shows all Up, the commands are:

sensor# conf t
service host
network-settings
host-ip  X.X.X.X/24,DefaultGateway

P.S. Add an ACL allowing management from the same network,

or just reimage the IPS

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_system_images.html#wp1332070

I did finally manage to run a 'session 1' via PuTTY, & I can then run 'setup', which takes me through the setup process.

In the 'acl' part of the setup I permitted the management & inside networks. I also tried changing the IP address of the IPS & the gateway to correspond with the management port IP, i.e. 192.168.2.2/24,192.168.2.1

However I still can't log in to IPS via ASDM - same 'error loading sensor'.

I ran a show module 1 (below), which I think looks ok.

Result of the command: "show module 1"

Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
1 ASA 5500 Series Security Services Module-10  ASA-SSM-10         JAF1545555

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  1 30e4xxxxxxxx to 30e4xxxxxxxxxx  1.0          1.0(11)5     7.0(2)E4

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
  1 IPS                            Up               7.0(2)E4

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  1 Up                 Up

**********************

In SSH, when I 1st log in, I get this license notice, is that relevant?

***LICENSE NOTICE***

There is no license key installed on the SSM-IPS10.
The system will continue to operate with the currently installed
signature set.  A valid license must be obtained in order to apply
signature updates.  Please go to http://www.cisco.com/go/license
to obtain a new license or install a license.

**********************
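
A sanity check for the addressing question in this thread, as an added example that is not part of any post: it parses the management fields of the "show module 1 detail" output quoted above and lists mismatches that would keep an ASDM client from reaching the sensor. The ASA management address 192.168.2.1 and the sensor values come from the thread; the client address, the ACL entries and the function names are constructed, and the check assumes the sensor's management port sits on the same segment as the ASA management interface.

```python
import ipaddress

# Constructed input: the management fields from the output quoted in the thread.
SAMPLE = """\
App. Status:        Up
Status:             Up
Mgmt IP addr:       192.168.1.2
Mgmt Network mask:  255.255.255.0
Mgmt Gateway:       192.168.1.1
Mgmt web ports:     443
"""

def parse_module_detail(text):
    """Turn 'Key:  value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def check_mgmt_path(fields, asa_mgmt_ip, client_ip, sensor_acl):
    """Return findings that would keep an ASDM client from reaching the sensor."""
    findings = []
    sensor = ipaddress.ip_interface(
        f"{fields['Mgmt IP addr']}/{fields['Mgmt Network mask']}")
    if fields.get("Status") != "Up" or fields.get("App. Status") != "Up":
        findings.append("module or IPS application is not Up")
    if ipaddress.ip_address(fields["Mgmt Gateway"]) not in sensor.network:
        findings.append("gateway is outside the sensor's own subnet")
    # Assumption: sensor port and ASA management interface share one segment.
    if ipaddress.ip_address(asa_mgmt_ip) not in sensor.network:
        findings.append(f"ASA management IP {asa_mgmt_ip} is not in {sensor.network}")
    client = ipaddress.ip_address(client_ip)
    if not any(client in ipaddress.ip_network(n) for n in sensor_acl):
        findings.append(f"client {client_ip} is not permitted by the sensor ACL")
    return findings

if __name__ == "__main__":
    # Client address and ACL entries are constructed for illustration.
    before = parse_module_detail(SAMPLE)
    print(check_mgmt_path(before, "192.168.2.1", "192.168.2.50", ["192.168.1.0/24"]))
    after = dict(before, **{"Mgmt IP addr": "192.168.2.2", "Mgmt Gateway": "192.168.2.1"})
    print(check_mgmt_path(after, "192.168.2.1", "192.168.2.50", ["192.168.2.0/24"]))
```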