How can I reboot a IPS sensor.

Answered Question
Jul 29th, 2009
User Badges:

Hello,


On our Ciso ASA we have the ASA-SSM-10 IPS module. It seem sto be in a state and the Cisco IPS Manager Express says it's not connected anymore. If I SSH/Telnet to it then I get the message:


Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.

Would you like to run cidDump?[no]:



Correct Answer by Collin Clark about 7 years 11 months ago

Can you login into the ASA CLI (the firewall portion) and enter


hw-module module 1 reload


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (4 ratings)
Loading.
Collin Clark Wed, 07/29/2009 - 06:13
User Badges:
  • Purple, 4500 points or more

From the ASA CLI see if you can get to it. The command is session 1. If you encounter any problems, you'll probably have to bounce it. It looks like you can reload the module with he following command(s).


FW# hw-module module 1 ?


password-reset Reset the CLI password on the module

recover Configure recovery of this module

reload Reload the module

reset Reset the module

shutdown Shut down the module


Hope that helps

whiteford Wed, 07/29/2009 - 06:26
User Badges:

Thanks, I get the same issue, I guess I need to reboot the ASA 5520 :(

Collin Clark Wed, 07/29/2009 - 06:27
User Badges:
  • Purple, 4500 points or more

You can just reload the IPS module with the commands I posted above.

whiteford Wed, 07/29/2009 - 06:28
User Badges:

Thing is it throws me out after :

Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.

Would you like to run cidDump?[no]:


So I don't get a command prmt to do this.

Collin Clark Wed, 07/29/2009 - 06:37
User Badges:
  • Purple, 4500 points or more

I'm confused. I thought you had access to the ASA and everything is working fine, but the IPS module was not responding properly. Is that correct?

whiteford Wed, 07/29/2009 - 06:41
User Badges:

I logon on the ASA via the CLI, then enter seesion 1 and enter the username and password for the IPS module, it then freezes for about a minute and I get the prompt:


Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.

Would you like to run cidDump?[no]:


I type "no" and it bombs me out to my desktop. I'm tried using the ASDM and Cisco IPS Manager Express, but they can't connct via it's IP although I can ping it.


I can SSH to the module, but again I get the above prompt and same scenario.


Hope that helps.

Correct Answer
Collin Clark Wed, 07/29/2009 - 06:43
User Badges:
  • Purple, 4500 points or more

Can you login into the ASA CLI (the firewall portion) and enter


hw-module module 1 reload


Collin Clark Wed, 07/29/2009 - 06:59
User Badges:
  • Purple, 4500 points or more

Glad we got it straightened out. Thanks for the points too.

whiteford Tue, 08/04/2009 - 23:42
User Badges:

One thing I do notice about that command is it also reboots the ASA. We have 2 ASA in failover mode and I notice the other ASA becomes the active ASA, is this correct?

suschoud Wed, 08/05/2009 - 11:44
User Badges:
  • Gold, 750 points or more

not true,



the above command only reloads the ips module.however,for failover to work,both units should have same hardware.when ips module in ur active unit is reloading,at that time,standby asa treats this as a failure on active unit and becomes the active .that is why failover occured when u reloaded the module on active.



resolution is to disable failover,reload the ips..when it comes back up,enable the failover again



hTh

Sushil




whiteford Wed, 08/05/2009 - 23:39
User Badges:

Thanks for explaining this.


I didn't setup the failover, how would I disable this first?

PWCSinfosec Wed, 08/12/2009 - 07:38
User Badges:

I ran into this same error quite a bit. I would get the error, reload the sensor and then about 2 or 3 days later it would happen again. After upgrading to the sensor to version 7.0(1)this stopped occurring.

Actions

This Discussion