Cisco IPS ASA SSM-10 Connectivity Issues

Unanswered Question

I am having trouble with connectivity and the IPS Module. The IPS management interface is plugged into a dell powerconnect switch using a straight cable and it shows a link. However I cannot ping the ip address i have assigned the management interface. Its almost like the interface is shutdown. Could this be the case? Can the management interfacee shutdown? If so how do I bring it up? If not what would be some troubleshooting techniques with the IPS Module?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Mon, 06/09/2008 - 11:56

First of all issue the command:

"show module 1 details"

To check if your module is in UP state.

If it is not UP, have a look at:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00808908d5.shtml

Also check if the port is UP/UP on the switch.

Please also note that in order for the IPS IP to be pingable. the SOURCE pinging should be Permitted in the access-list of the IPS (which can be done using the 'setup' command or under service host). A better approach would be to ping the machine from the IPS itself, as this is not dependent on the Access List on the IPS.

Regards

Farrukh

Farrukh Haroon Mon, 06/09/2008 - 12:59

Check the 'show interface' command on the IPS (I hope it is available on the AIP-SSM).

Check the machine you are pinging, if it has an ARP entry for the IPS module's Management IP, 'arp -a' if its Windows.

Try changing the switch port (Or get a Cisco Switch :) )

Perhaps you can try to re-initialize the AIP-SSM using the 'setup' command.

Also if possible post the 'show interface' and 'show config' output of the module on the forum.

Regards

Farrukh

abhay_i386 Mon, 06/09/2008 - 23:28

Hi,

If u r not able to ping the IPS from ur machine , then u directly connect ur machine to the IPS command&control interface. Then U should ping and after that U can access the IPS , but JAVA must be installed on ur machine to access the IPS.Also u must see the IPS config -- Mainly acess-list on the IPS. U can see as folows--

ASA#session 1

enter pass --

IPS#sh config

And from here u can see the access-list entries.

Actions

This Discussion