IPS problem - please help

Unanswered Question
Aug 3rd, 2009

Dear all,

We have an ASA5520 running with AIP-SSM 10 IPS module. IPS module is in inline mode. We have having some problem. Curruntly its handling 30 to 40 mbps data. the problem is that i am getting high latency from my LAN. If i bypass IPS i get 1 ms latency where as if i use IPS i get 120 ms to 160 ms. which is creating some problem running some of my application like Team 2.

Below is part of my ASA config.

=================

class-map brac-ips-class

match any

class-map inspection_default

match default-inspection-traffic

class-map http-map1

match any

!

!

policy-map type inspect dns migrated_dns_map_1

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns migrated_dns_map_1

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

class brac-ips-class

ips inline fail-open

class http-map1

set connection advanced-options mss-map

======================

What i did today, i just omit from my asa the two line which are

class brac-ips-class

ips inline fail-open

by giving "no class brac-ips-class" and noting else. I didn't save it even. everything was just fine. but suddenly i found my network down. When it become ok i found that ASA has reload autometically and back to its original configuratioin.

Could you please tell me why it happened.

what the other config that i have to erase for bypassing IPS.

Here also i am giving the sh ver of my IPS module for your suggestion. Plz let me know if my IPS has reached to its maximum capacity or any guideline.

===================================

bblsensor# sh ver

Application Partition:

Cisco Intrusion Prevention System, Version 5.1(5)E1

Host:

Realm Keys key1.0

Signature Definition:

Signature Update S278.0 2007-03-28

Virus Update V1.2 2005-11-24

OS Version: 2.4.26-IDS-smp-bigphys

Platform: ASA-SSM-10

Serial Number: JAF1124071C

No license present

Sensor up-time is 45 days.

Using 682496000 out of 1054670848 bytes of available memory (64% usage)

system is using 17.4M out of 29.0M bytes of available disk space (60% usage)

application-data is using 45.8M out of 166.8M bytes of available disk space (29% usage)

boot is using 35.3M out of 68.6M bytes of available disk space (54% usage)

MainApp 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running

AnalysisEngine 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running

CLI 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600

Upgrade History:

IPS-K9-sp-5.1-5-E1 15:58:00 UTC Fri Feb 02 2007

Recovery Partition Version 1.1 - 5.1(5)E1

=======================================

Waiting for your reply.

Regards.

Tuhin.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
suschoud Mon, 08/03/2009 - 16:22

Tuhin,

ur asa crashed ( rebooted on it;s own ).I would suggest collecting sh crash and opening a case with TAC so that a thorough analysis of crash could be done.

Actions

This Discussion