Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

C-78

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Appendix C Troubleshooting

Troubleshooting the ASA 5585-X IPS SSP

IPS Reloading Messages

Symptom ASA syslog messages similar to the following are observed and the root cause of the message

is not clear:

%ASA-1-505013: ASA-SSM-10 Module in slot 1, application reloading "IPS", version

"7.1(6)E4" Config Change

%ASA-1-505013: ASA5585-SSP-IPS10 Module in slot 1, application reloading "IPS", version

"7.1(1)E4" Config Change

These messages occur once an hour for sensors not actively being configured or more often for sensors

being configured.

Conditions ASA adaptive appliances running an affected software version with an ASA IPS module

(ASA 5500 AIP SSMASA 5500-X IPS SSPASA 5585-X IPS SSP) installed that is running IPS 7.1 or

later. The common cause for these messages is global correlation and/or signature updates occurring on

the ASA IPS module that results in these messages being generated for some, but not necessarily all of

the updates, which are attempted every five minutes.

Workaround None. The cause of these messages can be confirmed on the sensor module by reviewing the

show events status past command output and identifying a status event that corresponds to the ASA

syslog message that matches the date and time. The sensor’s status event should provide further details

about what operation occurred that resulted in the ASA syslog message.

IPS Not Loading

Symptom For a failing unit, the Mod Card Type shows ips Unknown:

CMGR PLAT: In sw_mod_idprom_resp_handler Failed to find idp resp udi pdesc for slot 1

messages are seen on the ASA console.

The mac address contains either

da or cb (hex values).

Conditions Loading the IPS image on ASA 5500-X platforms.

Workaround The IPS 7.1(8) p1E4 patch fixes this problem.

Troubleshooting the ASA 5585-X IPS SSP

Tip Before troubleshooting the ASA 5585-X IPS SSP, check the Caveats section of the Readme for the

software version installed on your sensor to see if you are dealing with a known issue.

This section contains troubleshooting information specific to the ASA 5585-X IPS SSP, and contains

the following topics:

• Health and Status Information, page C-79

• Failover Scenarios, page C-82

• Traffic Flow Stopped on IPS Switchports, page C-83

previous next