How can I reboot an IPS sensor?

Answered Question
Jul 29th, 2009

Hello,

On our Cisco ASA we have the ASA-SSM-10 IPS module. It seems to be in a state and the Cisco IPS Manager Express says it's not connected anymore. If I SSH/Telnet to it then I get the message:

Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.

Would you like to run cidDump?[no]:

Collin_Clark Wed, 07/29/2009 - 06:13

From the ASA CLI see if you can get to it. The command is session 1. If you encounter any problems, you'll probably have to bounce it. It looks like you can reload the module with the following command(s).

FW# hw-module module 1 ?

  password-reset  Reset the CLI password on the module
  recover         Configure recovery of this module
  reload          Reload the module
  reset           Reset the module
  shutdown        Shut down the module

Hope that helps

whiteford Wed, 07/29/2009 - 06:26

Thanks, I get the same issue, I guess I need to reboot the ASA 5520 :(

whiteford Wed, 07/29/2009 - 06:28

Thing is it throws me out after:

Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.

Would you like to run cidDump?[no]:

So I don't get a command prompt to do this.

Collin_Clark Wed, 07/29/2009 - 06:37

I'm confused. I thought you had access to the ASA and everything is working fine, but the IPS module was not responding properly. Is that correct?

whiteford Wed, 07/29/2009 - 06:41

I log on to the ASA via the CLI, then enter session 1 and enter the username and password for the IPS module, it then freezes for about a minute and I get the prompt:

Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.

Would you like to run cidDump?[no]:

I type "no" and it bombs me out to my desktop. I've tried using the ASDM and Cisco IPS Manager Express, but they can't connect via its IP although I can ping it.

I can SSH to the module, but again I get the above prompt and same scenario.

Hope that helps.

Correct Answer
Collin_Clark Wed, 07/29/2009 - 06:43

Can you log in to the ASA CLI (the firewall portion) and enter

hw-module module 1 reload

whiteford Tue, 08/04/2009 - 23:42

One thing I do notice about that command is it also reboots the ASA. We have 2 ASA in failover mode and I notice the other ASA becomes the active ASA, is this correct?

suschoud Wed, 08/05/2009 - 11:44

Not true.

The above command only reloads the IPS module. However, for failover to work, both units should have the same hardware. When the IPS module in your active unit is reloading, at that time the standby ASA treats this as a failure on the active unit and becomes the active. That is why failover occurred when you reloaded the module on the active.

The resolution is to disable failover, reload the IPS, and when it comes back up, enable failover again.

HTH

Sushil

whiteford Wed, 08/05/2009 - 23:39

Thanks for explaining this.

I didn't setup the failover, how would I disable this first?

PWCSinfosec Wed, 08/12/2009 - 07:38

I ran into this same error quite a bit. I would get the error, reload the sensor and then about 2 or 3 days later it would happen again. After upgrading the sensor to version 7.0(1) this stopped occurring.

Posted July 29, 2009 at 4:42 AM