03-02-2012 01:13 AM - edited 03-10-2019 05:37 AM
Hi all,
I've got an ASA 5510 running 8.4(2) with ASDM 6.4(5)205 and an AIP SSM-10 running 7.0(6).
About 2 weeks ago we had an unscheduled reboot on the ASA and since then I have been unable to connect to the SSM using ASDM.
Direct SSH access to the SSM works fine so I am happy the username/password combination is ok and there are no ACL issues. I can also session across from the ASA with no problem.
I have tried "hw-module module 1 reload" which didn't work which i then followed with a scheduled reboot of the ASA overnight. No dice.
I'm hoping someone here might be able to point me in the right direction......
Many thanks.
03-05-2012 02:53 AM
Hi
When you try to login to the IPS via ASDM the ASDM open a new connection to the IPS to be able to access it.
Can you check if the IP address of the ASA is still added to the permitted hosts on the IPS.
Else if you have an old config backup from the ASA you can compare it with the present config, can do the same for IPS as well
Sachin
03-12-2012 07:13 AM
Hi svaish,
I've not got an old config to hand for it unfortunately.
The SSM is pingable and I can SSH in ok from the same workstation. I had a look at the config and I've got an "access-list" entry for the internal IP of the ASA (/32) as well as the workstation I'm trying to access it via ASDM from.
If I connect to the ASA then go to "Conffiguration" -> "IPS" I get "Error connecting to sensor. Error Loading Sensor".
I can connect directly to the SSM via SSH with the same credentials ok though.
If I try to connect directly to the SSM with ASDM I get "Unable to launch device manager from 10.x.x.x".
What lines should I be looking for on the ASA and SSM module with regard to being able to connect?
Many thanks.
03-12-2012 07:35 AM
Can you try this
this will give you IDM access
IDM is a better tool to manage IPS so is IME
Related to the error on ASDM I would suggest you check the syslogs on the ASA, what do they say?
Regards,
Sachin
03-05-2012 10:21 PM
Hi,
I have some issue like this before..
i resolve with shutdown the ASA then open the module then install it again..
and everything normal agai,..
i hope this help you..
Arik
06-04-2013 02:35 AM
I had the same problem.
My device is Cisco ASA 5520 with AIP SSM-10.
I can use ASDM to manage ASA 5520 but cannot login to IPS (in IPS or Intrusion Prevension tab). It show me the error "Error connecting sensor. Error loading sensor".
I try to reset, reload and unplug/plug the module but it don't work.
This my ASA configuration:
ASA-FW# show run
: Saved
:
ASA Version 8.4(4)1
!
hostname ASA-FW
enable password Uonv5zOz/3IVv5nJ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface GigabitEthernet0/0
description Connect to Internet
nameif outside
security-level 0
ip address 10.0.0.4 255.255.255.0
!
interface GigabitEthernet0/1
description Connect to DMZ
nameif inside
security-level 100
ip address 10.2.2.2 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
nameif DMZ
security-level 50
ip address 10.3.3.1 255.255.255.0
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
description Management
nameif management
security-level 0
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
access-list OUT-TO-DMZ extended permit tcp any host 10.1.1.2 eq smtp
access-list OUT-TO-DMZ extended permit tcp any host 10.1.1.2 eq www
access-list OUT-TO-DMZ extended permit icmp any any log
access-list OUT-TO-DMZ extended deny ip any any
access-list inside extended permit tcp any any eq pop3
access-list inside extended permit tcp any any eq smtp
access-list inside extended permit tcp any any eq ssh
access-list inside extended permit tcp any any eq telnet
access-list inside extended permit tcp any any eq https
access-list inside extended permit udp any any eq domain
access-list inside extended permit tcp any any eq domain
access-list inside extended permit tcp any any eq www
access-list inside extended permit ip any any
access-list inside extended permit icmp any any
access-list dmz extended permit ip any any
access-list dmz extended permit icmp any any
access-list acl_outside_in extended permit icmp any host 10.0.0.0
access-list acl_inside_in extended permit ip 10.2.2.0 255.255.255.0 any
access-list acl_dmz_in extended permit icmp 10.3.3.0 255.255.255.0 any
access-list traffic_for_ips extended permit ip any any
pager lines 24
logging enable
logging buffer-size 5000
logging monitor warnings
logging trap warnings
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
access-group acl_outside_in in interface outside
access-group acl_inside_in in interface inside
access-group acl_dmz_in in interface DMZ
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 DMZ
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
.....
quit
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 management
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username tanhs password fqvYQWcKVO/db.2r encrypted
!
class-map inspection_default
match default-inspection-traffic
class-map ips_class_map
match access-list traffic_for_ips
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class ips_class_map
ips inline fail-open
!
service-policy global_policy global
prompt hostname context
service call-home
call-home reporting anonymous
call-home
contact-email-addr
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:74d15883f42aaeee6ac30522fe424aeb
: end
ASA-FW#
This is SSM confiuration:
AIP-SSM# show conf
! ------------------------------
! Current configuration last modified Tue Jun 04 00:34:02 2013
! ------------------------------
! Version 7.0(2)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S480.0 2010-03-24
! ------------------------------
service interface
exit
! ------------------------------
service authentication
exit
! ------------------------------
service event-action-rules rules0
variables DMZ address 10.3.3.0-10.3.3.255
variables IN address 10.2.2.0-10.2.2.255
exit
! ------------------------------
service host
network-settings
host-ip 192.168.1.2/24,192.168.1.1
host-name AIP-SSM
telnet-option disabled
access-list 10.0.0.0/8
access-list 10.1.1.0/24
access-list 10.2.2.0/24
access-list 10.3.3.0/24
access-list 172.16.0.0/16
access-list 192.168.1.0/24
login-banner-text VISEC IDS/IPS
dns-primary-server disabled
dns-secondary-server disabled
dns-tertiary-server disabled
http-proxy no-proxy
exit
time-zone-settings
offset 0
standard-time-zone-name CST
exit
exit
! ------------------------------
service logger
exit
! ------------------------------
service network-access
exit
! ------------------------------
service notification
exit
! ------------------------------
service signature-definition sig0
signatures 2000 0
alert-severity high
engine atomic-ip
event-action produce-alert|produce-verbose-alert
exit
alert-frequency
summary-mode fire-all
summary-key AxBx
exit
exit
status
enabled true
exit
exit
signatures 2004 0
alert-severity high
engine atomic-ip
event-action produce-alert|produce-verbose-alert
exit
alert-frequency
summary-mode fire-all
summary-key AxBx
exit
exit
status
enabled true
exit
exit
signatures 60000 0
alert-severity high
sig-fidelity-rating 75
sig-description
sig-name Telnet Command Authorization Failure
sig-string-info Command authorization failed
sig-comment signature triggers string command authorization failed
exit
engine atomic-ip
specify-l4-protocol yes
l4-protocol tcp
no tcp-flags
no tcp-mask
exit
specify-payload-inspection yes
regex-string Command authorization failed
exit
exit
exit
exit
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
service web-server
enable-tls true
port 443
server-id Nothing to see here. Move along.
exit
! ------------------------------
service anomaly-detection ad0
exit
! ------------------------------
service external-product-interface
exit
! ------------------------------
service health-monitor
exit
! ------------------------------
service global-correlation
exit
! ------------------------------
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit
exit
AIP-SSM#
Could anyone help me?
Thanks in advanced.
06-04-2013 06:59 PM
Hi Ho Sy Tan,
Try Cisco IME (Cisco IPS Manager Express), this is powerfull management for cisco IPS.
Thanks,
Arik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide