02-17-2009 10:01 AM - edited 03-10-2019 04:30 AM
Having problem with TLS connection from controller to AIP-SSM. The response cide from IPS to the controller suppose to be 0 but I am getting 35.
TLS fingerprint matches between AIP-SSM and configuration on the controller. And connectivity is good between Controller and AIP-SSM and the time is sync between the two also.
AIP-SSM is Version 6.0(4)
Error log from AIP-SSM:
evError: eventId=1221057394278884465 vendor=Cisco severity=error
originator:
hostId: labips
appName: cidwebserver
appInstanceId: 393
time: February 13, 2009 1:58:39 PM UTC offset=0 timeZone=GMT-08:00
errorMessage: WebSession::sessionTask TLS connection exception: handshake incomplete. name=errTransport
(Cisco Controller) >debug wps cids enable
*Feb 13 14:24:50.982: cidsSdeeCallback is called
*Feb 13 14:24:50.983: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:24:50.983: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:24:50.983: curlHandle is c6facec
*Feb 13 14:24:50.983: Perform on curlHandle c6facec ...
*Feb 13 14:24:50.990: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:24:50.990: Cert fingerprint verified
*Feb 13 14:24:50.995: Response code is 35
*Feb 13 14:25:00.565: cidsSdeeCallback is called
*Feb 13 14:25:00.565: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:25:00.565: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:25:00.566: curlHandle is c6facec
*Feb 13 14:25:00.566: Perform on curlHandle c6facec ...
*Feb 13 14:25:00.572: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:25:00.573: Cert fingerprint verified
*Feb 13 14:25:00.577: Response code is 35
*Feb 13 14:25:10.145: cidsSdeeCallback is called
*Feb 13 14:25:10.146: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:25:10.146: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:25:10.146: curlHandle is c6facec
*Feb 13 14:25:10.146: Perform on curlHandle c6facec ...
*Feb 13 14:25:10.153: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:25:10.153: Cert fingerprint verified
*Feb 13 14:25:10.158: Response code is 35
*Feb 13 14:25:19.743: cidsSdeeCallback is called
*Feb 13 14:25:19.743: cidsProcessSdeeQuery: ip=10.100.1.6,port=443 state=1 interval=10
*Feb 13 14:25:19.743: cidsQuerySend: https://10.100.1.6:443/cgi-bin/transaction-server?command=getShunEntryList
*Feb 13 14:25:19.744: curlHandle is c6facec
*Feb 13 14:25:19.744: Perform on curlHandle c6facec ...
*Feb 13 14:25:19.750: ssl_sensor_verify_callback: verifying cert from sensor
*Feb 13 14:25:19.751: Cert fingerprint verified
*Feb 13 14:25:19.755: Response code is 35
02-17-2009 10:06 AM
p.s Controller release is 5.2
02-17-2009 02:37 PM
Did you run the "TLS Trusted Host" command on the module?
02-17-2009 02:40 PM
Yes
02-17-2009 02:41 PM
did all the steps on the AIP-SSM and on the controller per the configuration guide
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: