Cisco Systems IPS 7.1 Home Security System User Manual
C-83
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the ASA 5585-X IPS SSP
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
Use the following configuration for the secondary ASA:
interface GigabitEthernet0/7
description LAN Failover Interface
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
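The two units of a LAN-based failover pair must agree on the failover link name, the physical interface and the active/standby addresses, and differ only in the "failover lan unit" role; a typo in one of those lines is a common reason a pair never forms. The following checker is an added example, not Cisco's code and not part of the original guide: it parses the failover commands out of two ASA configuration texts and reports mismatches. The secondary unit's commands below are the ones shown above; the primary unit's commands are an assumption, since only its "failover interface ip" line appears on this page. The check for a "failover key" command is also an addition (it is not discussed on the page): without it the failover link carries state and configuration updates unauthenticated.

```python
import re
from typing import Dict, List

# Constructed sample configs for this added example. The secondary unit's
# commands are those shown on the page; the primary unit's commands are an
# assumption (the page shows only its "failover interface ip" line).
PRIMARY_CFG = """\
interface GigabitEthernet0/7
 description LAN Failover Interface
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
"""

SECONDARY_CFG = """\
interface GigabitEthernet0/7
 description LAN Failover Interface
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
"""

_UNIT_RE = re.compile(r"^failover lan unit (primary|secondary)$")
_LINK_RE = re.compile(r"^failover lan interface (\S+) (\S+)$")
_IP_RE = re.compile(r"^failover interface ip (\S+) (\S+) (\S+) standby (\S+)$")


def parse_failover(cfg: str) -> Dict[str, object]:
    """Pull the failover commands out of an ASA running-config text."""
    info: Dict[str, object] = {
        "enabled": False, "unit": None, "link": None, "phys": None,
        "ip_link": None, "ip": None, "mask": None, "standby": None, "key": False,
    }
    for raw in cfg.splitlines():
        line = raw.strip()
        if line == "failover":
            info["enabled"] = True
        elif (m := _UNIT_RE.match(line)):
            info["unit"] = m.group(1)
        elif (m := _LINK_RE.match(line)):
            info["link"], info["phys"] = m.group(1), m.group(2)
        elif (m := _IP_RE.match(line)):
            info["ip_link"], info["ip"], info["mask"], info["standby"] = m.groups()
        elif line.startswith("failover key "):
            info["key"] = True
    return info


def check_pair(primary_cfg: str, secondary_cfg: str) -> List[str]:
    """Return findings for a failover pair; an empty list means no issues."""
    p, s = parse_failover(primary_cfg), parse_failover(secondary_cfg)
    findings: List[str] = []
    for name, unit, expected in (("primary", p, "primary"),
                                 ("secondary", s, "secondary")):
        if not unit["enabled"]:
            findings.append(f"error: {name} unit has no 'failover' command")
        if unit["unit"] != expected:
            findings.append(f"error: {name} unit has 'failover lan unit "
                            f"{unit['unit']}', expected {expected}")
        if unit["link"] is None or unit["ip"] is None:
            findings.append(f"error: {name} unit is missing the failover "
                            f"link or its IP address")
        elif unit["ip_link"] != unit["link"]:
            findings.append(f"error: {name} unit names link '{unit['ip_link']}' "
                            f"in 'failover interface ip' but '{unit['link']}' "
                            f"in 'failover lan interface'")
    # Link name, physical interface and both addresses must be identical on
    # both units; only the unit role is allowed to differ.
    for field in ("link", "phys", "ip", "mask", "standby"):
        if p[field] is not None and s[field] is not None and p[field] != s[field]:
            findings.append(f"error: {field} differs: primary={p[field]} "
                            f"secondary={s[field]}")
    # Added security check (not from the page): without 'failover key' the
    # failover link exchanges state and configuration unauthenticated.
    if not (p["key"] and s["key"]):
        findings.append("warning: 'failover key' is not configured on both units")
    return findings


if __name__ == "__main__":
    for finding in check_pair(PRIMARY_CFG, SECONDARY_CFG) or ["ok"]:
        print(finding)
```

Run against the two sample configs the checker reports only the missing failover key; change the standby address or the unit role on one side and it reports the mismatch as an error.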
Traffic Flow Stopped on IPS Switchports
Problem Traffic on any port located on the ASA 5585-X IPS SSP (1/x) no longer passes through the adaptive security appliance when the ASA 5585-X IPS SSP is reset or shut down. This affects all traffic through these ports, whether or not the traffic would have been monitored by the IPS, because the ports lose link when the ASA 5585-X IPS SSP is reset or shut down.
Possible Cause Traffic is carried on the ports located on the ASA 5585-X IPS SSP (1/x), and the module is reset or shut down by any mechanism.
Solution Use the ports on the adaptive security appliance (0/x) instead, because those ports do not lose link when the ASA 5585-X IPS SSP is reset or shut down.
The ASA 5585-X IPS SSP and the Normalizer Engine
Most of the features in the Normalizer engine are not used on the ASA 5585-X IPS SSP, because the ASA itself handles the normalization. Packets on the ASA IPS modules go through a special path in the Normalizer that only reassembles fragments and puts packets in the right order for the TCP stream. The Normalizer does not perform any of the normalization that it performs on an inline IPS appliance, because doing so would conflict with the way the ASA handles the packets.
The following Normalizer engine signatures are not supported:
1300.0
1304.0
1305.0
1307.0
1308.0
1309.0
1311.0
1315.0
1316.0
1317.0
1330.0
1330.1
1330.2