Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

C-67

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Appendix C Troubleshooting

Troubleshooting the ASA 5500-X IPS SSP

• The ASA 5500-X IPS SSP and the Normalizer Engine, page C-75

• The ASA 5500-X IPS SSP and Memory Usage, page C-76

• The ASA 5500-X IPS SSP and Jumbo Packet Frame Size, page C-77

• The ASA 5500-X IPS SSP and Jumbo Packets, page C-77

• TCP Reset Differences Between IPS Appliances and ASA IPS Modules, page C-77

• IPS Reloading Messages, page C-78

• IPS Not Loading, page C-78

Health and Status Information

To see the general health of the ASA 5500-X IPS SSP, use the show module ips details command.

asa# show module ips details

Getting details from the Service Module, please wait...

Card Type: IPS 5555 Intrusion Prevention System

Model: IPS5555

Hardware version: N/A

Serial Number: FCH1504V0CW

Firmware version: N/A

Software version: 7.1(3)E4

MAC Address Range: 503d.e59c.7ca0 to 503d.e59c.7ca0

App. name: IPS

App. Status: Up

App. Status Desc: Normal Operation

App. version: 7.1(3)E4

Data Plane Status: Up

Status: Up

License: IPS Module Enabled perpetual

Mgmt IP addr: 192.168.1.2

Mgmt Network mask: 255.255.255.0

Mgmt Gateway: 192.168.1.1

Mgmt web ports: 443

Mgmt TLS enabled: true

asa#

The output shows that the ASA 5500-X IPS SSP is up. If the status reads Down, you can reset it using the

sw-module module 1 reset command.

If you have problems with reimaging the ASA 5500-X IPS SSP, use the debug module-boot command

to see the output as it boots. Make sure you have the correct IP address for the TFTP server and you have

the correct file on the TFTP server. Then use the sw-module module ips recover command again to

reimage the module.

asa-ips# sw-module module ips recover configure image

disk0:/IPS-SSP_5555-K9-sys-1.1-a-7.1-3-E4.aip

Image URL [tftp://192.0.2.1/IPS-5545-K9-sys-1.1-a-7.1-3-E4.aip]:

Port IP Address [192.0.2.226]:

VLAN ID [0]:

Gateway IP Address [192.0.2.254]:

asa-ips# debug module-boot

debug module-boot enabled at level 1

asa-ips# sw-module module ips reload

Reload module ips? [confirm]

Reload issued for module ips.

previous next