Cisco IPS ASA SSM-10 Connectivity Issues

Unanswered Question

I am having trouble with connectivity and the IPS Module. The IPS management interface is plugged into a dell powerconnect switch using a straight cable and it shows a link. However I cannot ping the ip address i have assigned the management interface. Its almost like the interface is shutdown. Could this be the case? Can the management interfacee shutdown? If so how do I bring it up? If not what would be some troubleshooting techniques with the IPS Module?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Mon, 06/09/2008 - 11:56
User Badges:
  • Red, 2250 points or more

First of all issue the command:

"show module 1 details"

To check if your module is in UP state.

If it is not UP, have a look at:

Also check if the port is UP/UP on the switch.

Please also note that in order for the IPS IP to be pingable. the SOURCE pinging should be Permitted in the access-list of the IPS (which can be done using the 'setup' command or under service host). A better approach would be to ping the machine from the IPS itself, as this is not dependent on the Access List on the IPS.



I issued the show module 1 details command and everything shows up. I looked at the switch and everything is in the up state. I have tried pinging from the IPS to nodes on the same leg but nothing is going through. Im looking through the link you provided now and hope to find something. Any ther suggestions?

Farrukh Haroon Mon, 06/09/2008 - 12:59
User Badges:
  • Red, 2250 points or more

Check the 'show interface' command on the IPS (I hope it is available on the AIP-SSM).

Check the machine you are pinging, if it has an ARP entry for the IPS module's Management IP, 'arp -a' if its Windows.

Try changing the switch port (Or get a Cisco Switch :) )

Perhaps you can try to re-initialize the AIP-SSM using the 'setup' command.

Also if possible post the 'show interface' and 'show config' output of the module on the forum.



abhay_i386 Mon, 06/09/2008 - 23:28
User Badges:


If u r not able to ping the IPS from ur machine , then u directly connect ur machine to the IPS command&control interface. Then U should ping and after that U can access the IPS , but JAVA must be installed on ur machine to access the IPS.Also u must see the IPS config -- Mainly acess-list on the IPS. U can see as folows--

ASA#session 1

enter pass --

IPS#sh config

And from here u can see the access-list entries.


This Discussion