Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
2
Replies

IDSM Alarm 997

lathian
Level 1
Level 1

‎09-07-2002 03:44 PM - edited ‎03-09-2019 12:12 AM

Does anyone know what IDS Alarm 997 indicate ? What does "route down, route up" mean ? First I thought there was a lost connection from CSPM to IDS, but I still can ping and update between CSPM and IDS. Any advice would much appreciate.

Thanks

Labels:
0 Helpful
2 Replies 2

marcabal
Cisco Employee
Cisco Employee

‎09-09-2002 06:50 AM

The 997 alarm is generated when the postoffice process on one box is unable to communicate with the postoffice process on the other box.

The 997 alarm can be generate by CSPM when it can't communicate with the sensor, and the sensor will generate a 997 when it can't communicate with the CSPM.

The 996 alarm is generated when the communication is re-established between the 2 postoffice processes.

Possible scenarios:

1) Network outage. CSPM will generate a 997 which will show up in the Event Viewer, and the IDSM will generate a 997 which will be queued on the IDSM and only show up on the Event Viewer after communication is re-established. A 996 alarm will be generated by both when communication is re-established.

2) Push of a configuration to the IDSM which forces a restart of the IDSM: The CSPM generates a 997 as the IDSM processes are restarted. Followed by 996 alarms from both when communication is re-established.

3) The IDSM is reset by the switch: The CSPM generates a 997 as the IDSM is rebooted. Followed by 996 alarms from both when communication is re-established.

4) On rare occasions the communication between the 2 will get out of sync because of a few lost packets. To resync the connection the postoffice processes will bring down the connection (997 alarms) and bring them back up (996 alarms). This is rarely seen unless your network is prone to lossing packets or the connection is across the internet.

So the 997 alarms are pretty typical. If they are wuickly followed by the 996 alarms then there is usually nothing to worry about.

If it takes awhile for the 996 alarm then you may want to look into it and see if the IDSM was rebooted or lost network connection for a short period.

A 997 without a 996 is something to be worried about because the connection is likley still down.

0 Helpful

lathian
Level 1
Level 1
In response to marcabal

‎09-09-2002 08:56 AM

got it, thanks a lot.

0 Helpful
Customers Also Viewed These Support Documents