Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1004
Views
0
Helpful
4
Replies

problem after ASA SSM-CSC update

Go to solution
yong khang NG
Level 5
Level 5

‎05-03-2011 02:04 AM - edited ‎03-11-2019 01:28 PM

Hi forumers'

My client ASA CSC seem cannot login again after the update the patch from trend micro interscan.

below is the snapshot i found at my firewall.

i search the Troubleshooting Trend Micro InterScan for Cisco CSC SSM and found this

Traffic Dropped Because of CSC Card Failure [3-421001]

Error Message    %ASA-3-421001: TCP|UDP flow from interface_name:ip/port to 
interface_name:ip/port is dropped because application has failed.

Explanation   A packet was dropped because the CSC SSM application failed. By default, this  message is rate limited to 1 message every 10 seconds.

interface_name—The interface name.

IP_address—The IP address.

port—The port number.

application—The CSC SSM is the only application supported in the current release.

Recommended Action   Immediately investigate the problem with the service module

action plan:

1. what should i do, reboot the machine?

2. would it be the SSM-CSC module having problem or the trend micro patch causing it? previously don't have any probelm after the update

3. if want to revert to older version, what should i do?

thanks

Noel

Labels:
Preview file
93 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10
In response to yong khang NG

‎05-05-2011 11:09 PM

Noel,


Here are my suggestions for you:


Regarding the issue, you are unable to login to the CSC module anymore after an upgrade. Could you tell me what version did you upgrade to and from and
the filename and filesize of the image uploaded. You may need to do 
re-image if the below troubleshooting doesn't recover it.

1. Check if the module is up/up. Try resetting the module via "hw-module module 1 reset".
2. Once the module is up, try to relogin via CLI. 
- Use "session 1" from the ASA to access the CSC's CLI. 
- The status of the module can be determine via "show module 1". Ensure 
the
"Status" and the "Data Plane Status" indicate its "Up" before executing 
the
session command. 
3. Try the password you know. If that doesn't work, try the default 
password of "cisco".
- If the default password cisco works, it will ask for it again before
changing to a new password.
4. If the above step does not work then we might need to do password-reset on the CSC, below is the document for it:
http://www.cisco.com/en/US/partner/products/ps9774/products_password_recovery09186a00807f5a59.shtml

 Here's the re-image procedure in case the above didn't make any difference:
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/cscappb.html#wp1008984

Note that for reimage procedure, you use the file .bin (e.g. 
6.3.1172.0.bin)
instead of the .pkg.
Thanks,
Varun Rao

View solution in original post

0 Helpful
4 Replies 4

Go to solution
yong khang NG
Level 5
Level 5

‎05-03-2011 02:16 AM

sorry guys, i haven't put my problem statement

PROBLEM STATEMENT

1. after the CSC pattern update, i can't console into the CSS, neither ASDM or https://x.x.x.x:8443

2. still able to ping the management IP for the SSM-CSC

3. the CSC module still functioning. example: it can block the blacklist URL

I try =reboot the firewall, the problem still retain. the ASA platform is 5510, running on ASA8.3.1 and ASDM 6.3.1

Thanks

Noel

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to yong khang NG

‎05-05-2011 11:09 PM

Noel,


Here are my suggestions for you:


Regarding the issue, you are unable to login to the CSC module anymore after an upgrade. Could you tell me what version did you upgrade to and from and
the filename and filesize of the image uploaded. You may need to do 
re-image if the below troubleshooting doesn't recover it.

1. Check if the module is up/up. Try resetting the module via "hw-module module 1 reset".
2. Once the module is up, try to relogin via CLI. 
- Use "session 1" from the ASA to access the CSC's CLI. 
- The status of the module can be determine via "show module 1". Ensure 
the
"Status" and the "Data Plane Status" indicate its "Up" before executing 
the
session command. 
3. Try the password you know. If that doesn't work, try the default 
password of "cisco".
- If the default password cisco works, it will ask for it again before
changing to a new password.
4. If the above step does not work then we might need to do password-reset on the CSC, below is the document for it:
http://www.cisco.com/en/US/partner/products/ps9774/products_password_recovery09186a00807f5a59.shtml

 Here's the re-image procedure in case the above didn't make any difference:
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/cscappb.html#wp1008984

Note that for reimage procedure, you use the file .bin (e.g. 
6.3.1172.0.bin)
instead of the .pkg.
Thanks,
Varun Rao
0 Helpful

Go to solution
yong khang NG
Level 5
Level 5
In response to varrao

‎05-05-2011 11:51 PM

Hi Varun,

Yeah, problem resolve after i CLI to the SSM-CSC.

Just want to know what is the root bause of this? The version in sue is 6.3.1172.0

thanks

Noel

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to yong khang NG

‎05-06-2011 12:22 AM

Noel,

There si no specific reason why this issue occured, for this we would need to dig into the logs and debugs from the time of the issue, which I am sure is not possible since you were not able to log into the CSC.

One important suggestion on my part:

Upgrade the CSC to either 6.3.1172.3 or 6.3.1172.4, these are the latest versions and if there is any issue with the code, it would eliminate that.

Let me know if you have any questions.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card