04-20-2016 05:08 AM - edited 03-12-2019 12:38 AM
Hello All,
I tried to run IPS IDM of my ASA 5545 from the inside interface, however it's not... it's saying "problem loading sensor".
Also, I am able to access the IPS from the command line but not through the IDM.
Any help would be highly appreciated.
Thanks
04-21-2016 01:48 AM
The IPS module uses the management interface on the ASA. Have you definitely got this plugged in?
04-21-2016 02:54 AM
Hello Philip,
Actually, the case is that I am using my ASDM via the inside interface of the ASA, so I want to access the IPS module using the same interface... my management interface is not connected to anything.
Thanks
04-21-2016 07:25 AM
Hello,
If you want to access the IPS using an IP address in the same range as the inside interface of the ASA, you will need to configure the IPS with an IP address in the inside range and connect the management interface of the ASA to the same switch that the inside interface is connected to. Turn on the management interface by issuing the no shutdown command, but do not configure nameif, security level or IP address on the management interface.
Hope this helps...
04-25-2016 07:47 AM
Hello,
I configured the IPS with an IP address in the inside range and connected the management interface to the same switch with no nameif, security level or IP address.
However, I am still not able to connect to the IPS; it is saying
"error connecting to the Sensor..error loading sensor"
Thanks
04-25-2016 07:55 AM
04-25-2016 08:12 AM
You will always be able to access the IPS from the ASA using session as it is like a console access.
I think you have forgotten to add the allowed subnet / IP to access the IPS in the configuration.
conf t
service host
network
access-list xxx.xxx.xxx.xxx/yy
Replace the x's with the actual IP or subnet you are managing the IPS from, and replace the /yy with the subnet mask you are using.
--
Please remember to select a correct answer and rate helpful posts
04-25-2016 08:49 AM
Hello All,
Do I need to configure this on the ASA?
Also, let me know the use of the service host command?
Thanks
04-25-2016 08:58 AM
This is done on the IPS.
The service host command is the command to get into the section where you configure management of the IPS, hostname, NTP, etc.
04-25-2016 09:54 AM
Hello,
This is already done by me... I allowed the subnet as well in the access-list.
I still don't know where I am going wrong...
As I told you, I am not able to ping the next hop from the IPS.
Thanks
04-25-2016 10:17 AM
Could you provide the full configuration of the ASA please.
show configuration
Also, have you placed the switchport the management interface is connected to in the correct VLAN?
04-25-2016 11:45 PM
Hello Marius,
Sorry to say I can't post the whole config as this is our production firewall...
Let me know if you need some specific outputs...
Thanks
05-02-2016 04:51 AM
Can you confirm that you have the management interface connected to the network please.
04-21-2016 08:29 AM
As it has been mentioned by other posters, IPS can only be managed via the management interface on the ASA so you MUST connect the management interface to the network, as well as configure the IPS with a management IP.