Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1060
Views
0
Helpful
4
Replies

Cisco IPS ASA SSM-10 Connectivity Issues

dblount
Level 1
Level 1

‎06-09-2008 10:55 AM - edited ‎03-10-2019 04:08 AM

I am having trouble with connectivity and the IPS Module. The IPS management interface is plugged into a dell powerconnect switch using a straight cable and it shows a link. However I cannot ping the ip address i have assigned the management interface. Its almost like the interface is shutdown. Could this be the case? Can the management interfacee shutdown? If so how do I bring it up? If not what would be some troubleshooting techniques with the IPS Module?

Labels:
0 Helpful
4 Replies 4

Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-09-2008 11:56 AM

First of all issue the command:

"show module 1 details"

To check if your module is in UP state.

If it is not UP, have a look at:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00808908d5.shtml

Also check if the port is UP/UP on the switch.

Please also note that in order for the IPS IP to be pingable. the SOURCE pinging should be Permitted in the access-list of the IPS (which can be done using the 'setup' command or under service host). A better approach would be to ping the machine from the IPS itself, as this is not dependent on the Access List on the IPS.

Regards

Farrukh

0 Helpful

dblount
Level 1
Level 1
In response to Farrukh Haroon

‎06-09-2008 12:19 PM

I issued the show module 1 details command and everything shows up. I looked at the switch and everything is in the up state. I have tried pinging from the IPS to nodes on the same leg but nothing is going through. Im looking through the link you provided now and hope to find something. Any ther suggestions?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to dblount

‎06-09-2008 12:59 PM

Check the 'show interface' command on the IPS (I hope it is available on the AIP-SSM).

Check the machine you are pinging, if it has an ARP entry for the IPS module's Management IP, 'arp -a' if its Windows.

Try changing the switch port (Or get a Cisco Switch :) )

Perhaps you can try to re-initialize the AIP-SSM using the 'setup' command.

Also if possible post the 'show interface' and 'show config' output of the module on the forum.

Regards

Farrukh

0 Helpful

abhay_i386
Level 1
Level 1

‎06-09-2008 11:28 PM

Hi,

If u r not able to ping the IPS from ur machine , then u directly connect ur machine to the IPS command&control interface. Then U should ping and after that U can access the IPS , but JAVA must be installed on ur machine to access the IPS.Also u must see the IPS config -- Mainly acess-list on the IPS. U can see as folows--

ASA#session 1

enter pass --

IPS#sh config

And from here u can see the access-list entries.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card