07-29-2009 04:42 AM - edited 03-10-2019 04:43 AM
Hello,
On our Cisco ASA we have the ASA-SSM-10 IPS module. It seems to be in a state and the Cisco IPS Manager Express says it's not connected anymore. If I SSH/Telnet to it then I get the message:
Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.
Would you like to run cidDump?[no]:
07-29-2009 06:13 AM
From the ASA CLI see if you can get to it. The command is session 1. If you encounter any problems, you'll probably have to bounce it. It looks like you can reload the module with the following command(s).
FW# hw-module module 1 ?
password-reset Reset the CLI password on the module
recover Configure recovery of this module
reload Reload the module
reset Reset the module
shutdown Shut down the module
Hope that helps
07-29-2009 06:26 AM
Thanks, I get the same issue, I guess I need to reboot the ASA 5520 :(
07-29-2009 06:27 AM
You can just reload the IPS module with the commands I posted above.
07-29-2009 06:28 AM
Thing is it throws me out after :
Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.
Would you like to run cidDump?[no]:
So I don't get a command prompt to do this.
07-29-2009 06:30 AM
You do it from the ASA!
07-29-2009 06:33 AM
I am!
07-29-2009 06:37 AM
I'm confused. I thought you had access to the ASA and everything is working fine, but the IPS module was not responding properly. Is that correct?
07-29-2009 06:41 AM
I log on to the ASA via the CLI, then enter session 1 and enter the username and password for the IPS module, it then freezes for about a minute and I get the prompt:
Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.
Would you like to run cidDump?[no]:
I type "no" and it bombs me out to my desktop. I've tried using the ASDM and Cisco IPS Manager Express, but they can't connect via its IP although I can ping it.
I can SSH to the module, but again I get the above prompt and same scenario.
Hope that helps.
07-29-2009 06:43 AM
Can you log in to the ASA CLI (the firewall portion) and enter
hw-module module 1 reload
07-29-2009 06:56 AM
Great, that worked a treat!
07-29-2009 06:59 AM
Glad we got it straightened out. Thanks for the points too.
08-04-2009 11:42 PM
One thing I do notice about that command is it also reboots the ASA. We have 2 ASA in failover mode and I notice the other ASA becomes the active ASA, is this correct?
08-05-2009 11:44 AM
Not true.
The above command only reloads the IPS module. However, for failover to work, both units should have the same hardware. When the IPS module in your active unit is reloading, at that time the standby ASA treats this as a failure on the active unit and becomes the active. That is why failover occurred when you reloaded the module on the active.
Resolution is to disable failover, reload the IPS. When it comes back up, enable the failover again.
HTH
Sushil
08-05-2009 11:39 PM
Thanks for explaining this.
I didn't set up the failover, how would I disable this first?