cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ASA 5515 IPS management access

2019
Views
5
Helpful
0
Comments

Introduction

This document covers an issue faced by users where they are not able to access ASA IPS Module. 

Problem

User facing below mentioned issue:

  • can not access to the  ASA IPS module.
  • When tried from ASDM. Configuration->IPS. User type username and password and see following message: "Error connecting to sensor. Error loading sensor"

Topology mentioned by user

ips-config-mod-01.gif

 

Config provided by the user

 

KR-ASA# sh run int gig 0/5

!

interface GigabitEthernet0/5

nameif Inside

security-level 100

ip address 172.33.1.253 255.255.255.0 standby 172.33.1.254

!

interface Management0/0

management-only

no nameif

security-level 0

no ip address

!


KR-ASA# sh module ips details       


App. name:          IPS

App. Status:        Up

App. Status Desc:   Normal Operation

App. version:       7.1(4)E4

Data Plane Status:  Up

Status:             Up

License:            IPS Module  Enabled  perpetual

Mgmt IP addr:       172.33.1.251                                               

Mgmt Network mask:  255.255.255.0                                              

Mgmt Gateway:       172.33.1.253                                               

Mgmt Access List:   172.33.1.0/24                                              

Mgmt Access List:   172.34.1.0/24                                              

Mgmt web ports:     443                                                        

Mgmt TLS enabled:   true  

!       

KR-ASA# ping 172.33.1.251

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.33.1.251, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms

!

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

Scenario 2

User have two Cisco ASA5540X firewalls with IPS modules configured in a failover pair. Behind this firewall pair (on the inside) are about 140 hosts that use various web-enabled applications, minimal Internet, some email (maybe 10 hosts), and some light file-sharing/access. My IPS is configured for inline analysis, but I have noticed that the cpu runs 100% all the time (6 cores). 

Since I don't want any traffic by-passing the IPS, my configuration on the firewall looks like this

Solution

This is one of the issues which is lately seen on the TAC and yes, it is related to the java version on the PC because of the JAVA SSL Client Hello Format. Java downgrade should fix this.

Go to control panel->right click java->Open->Advanced->Check all boxes under debugging and click radio button for show console

Scenario 2

Although I have installed a handful of these and all of them have had a a CPU load of 100%, I was told by  support that the CPU load on an IPS is very inaccurate way of determining load, it is much better to use the inspection processing load. After further digging I found this  - the issue is discussed as part of this bug - CSCtl74475

Source Discussion