ASDM and AIP-SSM

Unanswered Question
May 2nd, 2007

I have upgraded the AIP to version 6.0 and I should be able to now launch the IPS module in ASDM, but instead I get an error - unable to connect to sensor. I can access the sensor just fine from IE.

acomiskey Wed, 05/02/2007 - 09:19

Are you trying the correct ip address? Does the ASA have a route to this ip?

jkeddington_2 Wed, 05/02/2007 - 09:44

More info: The person sitting next to me has no issues. From ASDM he can launch IPS inside ASDM, so I know it does work. Yes, the correct IP address is being displayed in ASDM. No, there is not a route in the ASA because the IP address of the AIP-SSM is in the same subnet as the inside interface of the ASA. Yes, I do have a cable connecting the AIP-SSM management port to an internal switch.

acomiskey Wed, 05/02/2007 - 09:53

Is the ASA an "allowed host"?


service host
network-settings
access-list /32

jkeddington_2 Wed, 05/02/2007 - 09:59

Great question. Actually I have it open for the entire class B network range. Someone sitting right next to me can get it to work but I can't.

acomiskey Wed, 05/02/2007 - 10:10

The guy next to you has no problem connecting through ASDM to the same ASA you are trying or a completely different ASA?


edit: Also, is SSL enabled on the sensor?


service web-server
enable-tls
port 443

jkeddington_2 Wed, 05/02/2007 - 10:38

Yes it is. Just to make things a little easier here is my config for the AIP-SSM:


! ------------------------------
! Current configuration last modified Wed May 02 12:35:15 2007
! ------------------------------
! Version 6.0(1)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S274.0 2007-03-01
! Virus Update V1.2 2005-11-24
! ------------------------------
service interface
exit
! ------------------------------
service authentication
exit
! ------------------------------
service event-action-rules rules0
overrides deny-packet-inline
override-item-status Enabled
risk-rating-range 90-100
exit
exit
! ------------------------------
service host
network-settings
host-ip x.x.18.253/27,x.x.18.225
host-name sensor
telnet-option disabled
access-list x.x.0.0/16
exit
time-zone-settings
offset -420
standard-time-zone-name GMT-07:00
exit
summertime-option recurring
offset 60
summertime-zone-name GMT-07:00
start-summertime
month march
week-of-month second
day-of-week sunday
time-of-day 02:00:00
exit
end-summertime
month november
week-of-month first
day-of-week sunday
time-of-day 02:00:00
exit
exit
exit
! ------------------------------
service logger
exit
! ------------------------------
service network-access
exit
! ------------------------------
service notification
exit
! ------------------------------
service signature-definition sig0
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
service web-server
enable-tls true
port 443
exit
! ------------------------------
service anomaly-detection ad0
exit
! ------------------------------
service external-product-interface
exit
! ------------------------------
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
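
Added example, not part of the thread or any Cisco tool: a small Python check that reads a sensor configuration in the layout posted above and reports whether a given management client falls inside the `service host` access-list, along with the `service web-server` TLS and port settings the replies ask about. The function names and the sample addresses (documentation ranges) are assumptions made for the example; an entry with no address, such as `access-list /32`, is reported as malformed rather than matched.

```python
import ipaddress

# Constructed sample in the layout of the configuration posted above;
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_CONFIG = """\
service host
network-settings
host-ip 192.0.2.253/27,192.0.2.225
access-list 192.0.2.0/24
exit
exit
service web-server
enable-tls true
port 443
exit
"""

def parse_sensor_config(text):
    """Collect access-list networks and web-server settings per service block."""
    cfg = {"access_list": [], "malformed": [], "enable_tls": None, "port": None}
    service = None
    for raw in text.splitlines():
        words = raw.split()
        if len(words) < 2 or words[0].startswith("!"):
            continue  # blank lines, comments, bare "exit"
        key, value = words[0], words[1]
        if key == "service":
            service = value
        elif service == "host" and key == "access-list":
            try:
                cfg["access_list"].append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                cfg["malformed"].append(value)  # e.g. "/32" with no address
        elif service == "web-server" and key == "enable-tls":
            cfg["enable_tls"] = value == "true"
        elif service == "web-server" and key == "port":
            cfg["port"] = int(value)
    return cfg

def check_client(text, client_ip):
    """Report whether client_ip is an allowed host and how the web server is set."""
    cfg = parse_sensor_config(text)
    ip = ipaddress.ip_address(client_ip)
    return {
        "allowed": any(ip in net for net in cfg["access_list"]),
        "malformed": cfg["malformed"],
        "enable_tls": cfg["enable_tls"],
        "port": cfg["port"],
    }
```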
