What could be the reason for the ASA throwing this syslog every day, exactly when the signatures are configured for auto-update:
%ASA-6-420005: Virtual Sensor vs0 was deleted from the AIP SSM
As per Cisco documentation, vs0 cannot be deleted.
Immediately after the above message, the following message is generated:
%ASA-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.
Then, after around a minute, the following syslog is generated, telling us that vs0 was added back to the IPS:
%ASA-6-420004: Virtual Sensor vs0 was added on the AIP SSM
And finally, we get the following syslog showing that the IPS module is back up:
%ASA-1-505011: Module ips data channel communication is UP
So, it looks like vs0 somehow gets deleted from the IPS module, which results in the IPS experiencing a data channel communication failure. Then vs0 automatically gets added back and the IPS comes back up.
The cycle of the above syslogs is seen daily at the same time.
Please note that we don't have a license present on the IPS module.
So, it looks like this is what could be happening:
- At the configured update time every day, the IPS module tries upgrading the signatures. The signatures get downloaded successfully, and when the IPS module tries to apply them, it realizes that the license is missing, so it tries to roll back, and that's when all those messages start coming up (even though vs0 still shouldn't have been deleted).
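
Added example (not part of the original post, and not Cisco code): a small Python correlator that finds the four-message cycle described above in an ASA syslog file, measures how long the IPS data channel stayed DOWN, and checks whether the cycle recurs at the same time of day. The timestamp layout, the hostname `asa1`, the sample dates and the function names are assumptions made for this example.

```python
import re
from datetime import datetime

# Constructed sample: timestamps and hostname "asa1" are made up; message text is from the post.
SAMPLE = """\
Mar 10 2020 02:00:41 asa1 : %ASA-6-420005: Virtual Sensor vs0 was deleted from the AIP SSM
Mar 10 2020 02:00:41 asa1 : %ASA-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.
Mar 10 2020 02:01:47 asa1 : %ASA-6-420004: Virtual Sensor vs0 was added on the AIP SSM
Mar 10 2020 02:01:49 asa1 : %ASA-1-505011: Module ips data channel communication is UP
Mar 11 2020 02:00:39 asa1 : %ASA-6-420005: Virtual Sensor vs0 was deleted from the AIP SSM
Mar 11 2020 02:00:39 asa1 : %ASA-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.
Mar 11 2020 02:01:44 asa1 : %ASA-6-420004: Virtual Sensor vs0 was added on the AIP SSM
Mar 11 2020 02:01:46 asa1 : %ASA-1-505011: Module ips data channel communication is UP
"""
# Assumed line layout: "Mon DD YYYY HH:MM:SS host : %ASA-sev-id: text"
LINE = re.compile(r"^(\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) .*%ASA-\d-(\d{6}):")
CYCLE = ["420005", "323006", "420004", "505011"]  # order reported in the post

def parse(text):
    """Return (timestamp, message_id) for cycle messages, in file order."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) in CYCLE:
            events.append((datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S"), m.group(2)))
    return events

def find_cycles(events, max_gap=300):
    """Return (start, seconds the data channel was DOWN) per complete cycle."""
    cycles, step, start, down = [], 0, None, None
    for ts, mid in events:
        if mid == CYCLE[0]:
            step, start = 1, ts
        elif step and mid == CYCLE[step] and (ts - start).total_seconds() <= max_gap:
            down = ts if mid == "323006" else down
            step += 1
            if step == len(CYCLE):
                cycles.append((start, (ts - down).total_seconds()))
                step = 0
        else:
            step = 0  # out-of-order or late message: not the pattern from the post
    return cycles

def same_time_daily(cycles, tolerance=120):
    """True if every cycle starts within `tolerance` seconds of the first one's time of day."""
    tod = [c[0].hour * 3600 + c[0].minute * 60 + c[0].second for c in cycles]
    return len(tod) > 1 and all(min(abs(t - tod[0]), 86400 - abs(t - tod[0])) <= tolerance for t in tod)

if __name__ == "__main__":
    found = find_cycles(parse(SAMPLE))
    print(found, same_time_daily(found))
```

Comparing the reported cycle start times with the configured signature auto-update time shows whether the two actually coincide.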