05-03-2011 02:04 AM - edited 03-11-2019 01:28 PM
Hi forumers'
My client ASA CSC seem cannot login again after the update the patch from trend micro interscan.
below is the snapshot i found at my firewall.
i search the Troubleshooting Trend Micro InterScan for Cisco CSC SSM and found this
Error Message %ASA-3-421001: TCP|UDP flow from interface_name:ip/port to
interface_name:ip/port is dropped because application has failed.
Explanation A packet was dropped because the CSC SSM application failed. By default, this message is rate limited to 1 message every 10 seconds.
interface_name—The interface name.
IP_address—The IP address.
port—The port number.
application—The CSC SSM is the only application supported in the current release.
Recommended Action Immediately investigate the problem with the service module
action plan:
1. what should i do, reboot the machine?
2. would it be the SSM-CSC module having problem or the trend micro patch causing it? previously don't have any probelm after the update
3. if want to revert to older version, what should i do?
thanks
Noel
Solved! Go to Solution.
05-05-2011 11:09 PM
Noel,
Here are my suggestions for you:
Regarding the issue, you are unable to login to the CSC module anymore after an upgrade. Could you tell me what version did you upgrade to and from and the filename and filesize of the image uploaded. You may need to do re-image if the below troubleshooting doesn't recover it. 1. Check if the module is up/up. Try resetting the module via "hw-module module 1 reset". 2. Once the module is up, try to relogin via CLI. - Use "session 1" from the ASA to access the CSC's CLI. - The status of the module can be determine via "show module 1". Ensure the "Status" and the "Data Plane Status" indicate its "Up" before executing the session command. 3. Try the password you know. If that doesn't work, try the default password of "cisco". - If the default password cisco works, it will ask for it again before changing to a new password.
4. If the above step does not work then we might need to do password-reset on the CSC, below is the document for it:
http://www.cisco.com/en/US/partner/products/ps9774/products_password_recovery09186a00807f5a59.shtml
Here's the re-image procedure in case the above didn't make any difference: http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/cscappb.html#wp1008984
Note that for reimage procedure, you use the file .bin (e.g. 6.3.1172.0.bin) instead of the .pkg.
05-03-2011 02:16 AM
sorry guys, i haven't put my problem statement
PROBLEM STATEMENT
1. after the CSC pattern update, i can't console into the CSS, neither ASDM or https://x.x.x.x:8443
2. still able to ping the management IP for the SSM-CSC
3. the CSC module still functioning. example: it can block the blacklist URL
I try =reboot the firewall, the problem still retain. the ASA platform is 5510, running on ASA8.3.1 and ASDM 6.3.1
Thanks
Noel
05-05-2011 11:09 PM
Noel,
Here are my suggestions for you:
Regarding the issue, you are unable to login to the CSC module anymore after an upgrade. Could you tell me what version did you upgrade to and from and the filename and filesize of the image uploaded. You may need to do re-image if the below troubleshooting doesn't recover it. 1. Check if the module is up/up. Try resetting the module via "hw-module module 1 reset". 2. Once the module is up, try to relogin via CLI. - Use "session 1" from the ASA to access the CSC's CLI. - The status of the module can be determine via "show module 1". Ensure the "Status" and the "Data Plane Status" indicate its "Up" before executing the session command. 3. Try the password you know. If that doesn't work, try the default password of "cisco". - If the default password cisco works, it will ask for it again before changing to a new password.
4. If the above step does not work then we might need to do password-reset on the CSC, below is the document for it:
http://www.cisco.com/en/US/partner/products/ps9774/products_password_recovery09186a00807f5a59.shtml
Here's the re-image procedure in case the above didn't make any difference: http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/cscappb.html#wp1008984
Note that for reimage procedure, you use the file .bin (e.g. 6.3.1172.0.bin) instead of the .pkg.
05-05-2011 11:51 PM
Hi Varun,
Yeah, problem resolve after i CLI to the SSM-CSC.
Just want to know what is the root bause of this? The version in sue is 6.3.1172.0
thanks
Noel
05-06-2011 12:22 AM
Noel,
There si no specific reason why this issue occured, for this we would need to dig into the logs and debugs from the time of the issue, which I am sure is not possible since you were not able to log into the CSC.
One important suggestion on my part:
Upgrade the CSC to either 6.3.1172.3 or 6.3.1172.4, these are the latest versions and if there is any issue with the code, it would eliminate that.
Let me know if you have any questions.
Thanks,
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide