Solved: AIP-SSM POSPF not working at all

oszkari · ‎02-09-2008

Hi,

I want to configure the passive os detection on a ASA-SSM10, i tried to configure from IDM from CLI but still no results. The Learned OS window is empty.

CLI output:

os-identification

-----------------------------------------------

calc-arr-for-ip-range: 0.0.0.0-255.255.255.255 default: 0.0.0.0-255.255.255.255

configured-os-map (ordered min: 0, max: 50, current: 0 - 0 active, 0 inactive)

-----------------------------------------------

passive-traffic-analysis: Enabled default: Enabled

-----------------------------------------------

sh os-identification vs0 learned

No mappings available for the requested parameters.

The IPS version is 6.0(3)E1.

Any ideas?

Thanks!

marcabal · ‎02-11-2008

There is a known issue with Passive OS Fingerprinting on the SSMs.

CSCsi52422

The problem has been fixed and will be available in an upcoming 6.0(4) Service Pack.

View solution in original post

gfullage · ‎02-10-2008

Your configuration is OK, I have the exact same in mine and OS learning is working fine. Are you sure your SSM is seeing traffic from the ASA, have you set up a service policy to direct traffic to it?

Do "sho service-policy" on the ASA and make sure it is actually sending data to the SSM.

oszkari · ‎02-11-2008

Hi

Yes, all traffic is redirected to SSM, with a permit any class map.

The signature detection is working fine, I have problem only with the OS learning.

marcabal · ‎02-11-2008

There is a known issue with Passive OS Fingerprinting on the SSMs.

CSCsi52422

The problem has been fixed and will be available in an upcoming 6.0(4) Service Pack.

oszkari · ‎02-11-2008

Thanks