What could be the reason for ASA throwing this syslog everyday exactly when the signatures are configured for auto-update:
%ASA-6-420005: Virtual Sensor vs0 was deleted from the AIP SSM
As per Cisco documentation, vs0 cannot be deleted.
Immediately after the above message, following message is generated:
%ASA-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.
Then, after around a minute, following syslog is generated telling that vs0 was added back to the IPS:
%ASA-6-420004: Virtual Sensor vs0 was added on the AIP SSM
And finally, we get following syslog showing that IPS module is back up:
%ASA-1-505011: Module ips data channel communication is UP
So, it looks like that somehow, vs0 gets deleted from the IPS module which results in IPS experiencing data channel communication failure. Then vs0 automatically gets added back and IPS comes back up.
The cycle of above syslogs is seen daily at the same time.
Please note that we don't have license present on the IPS module.
So, it looks like this is what could be happening:
- At configured update time everyday, the IPS module tries upgrading the signature. The signatures get downloaded successfully and when IPS module tries to apply them, it realizes that the license is missing, so it tries to roll back and that’s when all those messages start coming up (even though still vs0 shouldn’t have been deleted)
This event continues the conversation of our recent Community Ask Me Anything event "Secure Remote Workers".
To participate in this event, please use the button to ask your questions
Here’s your ch...
User Experience Enhancements
As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.
Early Access introduces a...
This video features a step by step walk through of configuring Cisco AnyConnect on FTD managed by FMC. Timestamps included for certificate installation, Access Control, Licensing, NAT, and Deployment failures.
I am trying to solve a CSR signing issue in a home lab.Can someone clarify this theoretical point? According to Wikipedia: "Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The...
Threat Response integrates with Cisco's Web Security Appliance (WSA) to provide visibility into web-bourne threats. By adding a Web Security or SMA Web module to Threat Response, investigators will be able to search for domains, URLs, and file hashes th...