Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the ASA 5500 AIP SSM
If the ASAs are configured in fail-close mode and the ASA 5500 AIP SSM on the active ASA
experiences a SensorApp crash or a service pack upgrade, failover is triggered and traffic passes
through the ASA 5500 AIP SSM that was previously the standby. In fail-close mode the ASA drops
traffic while its IPS module is unavailable, so the module outage is what forces the failover.
Configuration Examples
Use the following configuration for the primary ASA:
interface GigabitEthernet0/7
 description LAN Failover Interface
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
Use the following configuration for the secondary ASA. The failover interface ip command is
identical on both units; only the failover lan unit role differs, and the role decides which of the two
addresses each unit uses:
interface GigabitEthernet0/7
 description LAN Failover Interface
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
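A mismatch between the two halves of a failover pair (different link name, different addressing, two units both claiming primary) is a common cause of a pair that never synchronizes. The following script is an added example, not code from the Cisco guide: it parses the two configurations shown above (embedded here as constructed strings) and checks the invariants the pair must satisfy, that both units enable failover, that one is primary and the other secondary, that both name the same failover link and physical interface, and that both carry the identical failover interface ip line.

```python
"""Consistency check for an ASA active/standby LAN failover pair.

Added example, not from the Cisco IPS 7.1 guide. PRIMARY_CFG and
SECONDARY_CFG are the two configurations from the guide, embedded here as
constructed strings so the check runs offline.
"""
import re

PRIMARY_CFG = """\
interface GigabitEthernet0/7
 description LAN Failover Interface
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
"""

SECONDARY_CFG = """\
interface GigabitEthernet0/7
 description LAN Failover Interface
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
"""


def parse_failover(cfg):
    """Extract the failover-relevant lines from an ASA configuration."""
    fo = {"enabled": False, "unit": None, "link": None, "iface": None,
          "ip_link": None, "ip": None, "mask": None, "standby": None}
    for line in cfg.splitlines():
        line = line.strip()
        if line == "failover":            # bare 'failover' enables the feature
            fo["enabled"] = True
        m = re.match(r"failover lan unit (primary|secondary)$", line)
        if m:
            fo["unit"] = m.group(1)
        m = re.match(r"failover lan interface (\S+) (\S+)$", line)
        if m:
            fo["link"], fo["iface"] = m.group(1), m.group(2)
        m = re.match(r"failover interface ip (\S+) (\S+) (\S+) standby (\S+)$", line)
        if m:
            fo["ip_link"] = m.group(1)
            fo["ip"], fo["mask"], fo["standby"] = m.group(2), m.group(3), m.group(4)
    return fo


def check_pair(primary_cfg, secondary_cfg):
    """Return a list of problems; an empty list means the pair is consistent."""
    p, s = parse_failover(primary_cfg), parse_failover(secondary_cfg)
    problems = []
    for name, fo in (("primary", p), ("secondary", s)):
        if not fo["enabled"]:
            problems.append(f"{name}: 'failover' not enabled")
        if fo["unit"] != name:
            problems.append(f"{name}: unit role is {fo['unit']!r}, expected {name!r}")
        if fo["link"] is None or fo["ip"] is None:
            problems.append(f"{name}: failover link or its IP addressing is missing")
        elif fo["ip_link"] != fo["link"]:
            problems.append(f"{name}: 'failover interface ip' names {fo['ip_link']!r}, "
                            f"but the failover link is {fo['link']!r}")
    # These values must be identical on both units.
    for key in ("link", "iface", "ip", "mask", "standby"):
        if p[key] != s[key]:
            problems.append(f"{key} differs: primary={p[key]!r} secondary={s[key]!r}")
    if p["ip"] and p["ip"] == p["standby"]:
        problems.append("active and standby failover addresses are identical")
    return problems


if __name__ == "__main__":
    for problem in check_pair(PRIMARY_CFG, SECONDARY_CFG) or ["failover pair is consistent"]:
        print(problem)
```

Run it against the running-config of each unit (for example, saved with show running-config failover) instead of the embedded strings to lint a real pair before enabling failover.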
The ASA 5500 AIP SSM and the Data Plane
Symptom The ASA 5500 AIP SSM data plane is kept in the Up state while signature updates are being
applied. You can check the ASA 5500 AIP SSM data plane status with the show module command during
a signature update.
Possible Cause Bypass mode is set to off. The issue is seen when signature updates are applied
through either CSM or IDM. It is not seen when upgrading IPS system software.
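The check above combines two pieces of CLI output: the module's data plane status from the ASA and the bypass-mode setting from the sensor. The following script is an added example, not code from the Cisco guide; its two inputs are constructed samples, one following the field layout of show module 1 details on an ASA with an IPS module and one imitating the service interface portion of the sensor's show configuration output, and it reports when the documented symptom (data plane Up during a signature update with bypass-mode off) is present.

```python
"""Flag the 'data plane Up while bypass-mode is off' condition from CLI output.

Added example, not from the Cisco IPS 7.1 guide. Both inputs below are
constructed samples: ASA_SHOW_MODULE follows the 'Key:  value' layout of
'show module 1 details', SENSOR_INTERFACE_CFG imitates the sensor's
'service interface' configuration. Only the fields read below matter.
"""
ASA_SHOW_MODULE = """\
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Model:              ASA-SSM-20
Software version:   7.1(1)E4
App. name:          IPS
App. Status:        Up
App. Status Desc:
App. version:       7.1(1)E4
Data plane Status:  Up
Status:             Up
"""

SENSOR_INTERFACE_CFG = """\
service interface
physical-interfaces GigabitEthernet0/1
admin-state enabled
exit
bypass-mode off
exit
"""


def parse_show_module(text):
    """Turn the 'Key:  value' lines of show module output into a dict (keys lowercased)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key and not key[0].isspace():
            fields[key.strip().lower()] = value.strip()
    return fields


def sensor_bypass_mode(cfg):
    """Return the bypass-mode value (off, on or auto) from the sensor interface config."""
    for line in cfg.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "bypass-mode":
            return parts[1]
    return None


def assess(show_module_text, sensor_cfg, applying_signature_update):
    """Classify the module state against the troubleshooting entry above."""
    fields = parse_show_module(show_module_text)
    data_plane = fields.get("data plane status")
    app_status = fields.get("app. status")
    bypass = sensor_bypass_mode(sensor_cfg)
    if data_plane is None:
        return "unknown: no 'Data plane Status' field in show module output"
    if applying_signature_update and data_plane == "Up" and bypass == "off":
        return "symptom: data plane Up during signature update with bypass-mode off"
    return f"ok: data plane {data_plane}, app {app_status}, bypass-mode {bypass}"


if __name__ == "__main__":
    print(assess(ASA_SHOW_MODULE, SENSOR_INTERFACE_CFG, applying_signature_update=True))
```

The applying_signature_update flag stands in for the operator's knowledge that CSM or IDM is pushing a signature update at the moment the show module output was captured; the script does not try to infer that from the output itself.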
The ASA 5500 AIP SSM and the Normalizer Engine
Most features of the Normalizer engine are not used on the ASA 5500 AIP SSM, because the ASA itself
handles normalization. Packets on the ASA IPS modules take a special path through the Normalizer that
only reassembles fragments and orders packets for the TCP stream. The Normalizer performs none of the
normalization done on an inline IPS appliance, because that would interfere with how the ASA handles
the packets.
The following Normalizer engine signatures are not supported:
1300.0
1304.0
1305.0
1307.0
1308.0
1309.0