CISCO AIP SSM-10

Unanswered Question
May 15th, 2010

Hello,

I have an ASA 5510 with an AIP SSM-10. I want to configure the AIP SSM, and I see some events on it.

evStatus: eventId=1231331883623717536 vendor=Cisco

  originator:

    hostId: Sensor-A

    appName: interface

    appInstanceId: 337

  time: 2010/05/15 07:00:49 2010/05/15 12:00:49 GMT+05:00

  netInterfaceMissedPacketThresholdExceeded:

    description: GigabitEthernet0/1 : Missed-packet threshold was exceeded.  100% of packets were missed.

    interfaceName: GigabitEthernet0/1

On the dashboard it shows:
Missed Packet = critical
Event retrieval = critical
I have applied a service policy and applied any traffic to go through the IPS. but its no
thank you,
Zafar
Jennifer Halim Sat, 05/15/2010 - 04:27

Have you enabled the virtual sensor (vs0) on the IPS module itself?

If you IDM into the IPS, you can check the following:

Configuration --> Policies --> IPS Policies --> edit "vs0" --> tick "Assigned" for gig0/1 (backplane interface) --> OK --> click "Apply"

Hope that helps.

zafar12233 Sun, 05/16/2010 - 23:00

Hello,

Thanks for your reply.

Yes, it wasn't assigned to the interface. I followed your instructions and did that; it worked for a while, but later the same error messages came back.

I noticed that it has been happening since it was installed in the NEW ASA 5510.

Jennifer Halim Sun, 05/16/2010 - 23:15

What version of AIP module are you running?

If you haven't run the latest version, you might want to upgrade it to 7.0.2(E4).

Jennifer Halim Sun, 05/16/2010 - 23:23

Yes, definitely old version of code.

Please upgrade it to the latest version of 7.0.2(E4)

zafar12233 Mon, 05/17/2010 - 00:13

Thanks,

I will certainly upgrade the IPS version. Could you tell me how to take a backup of the existing IPS version software?

zafar12233 Mon, 05/17/2010 - 00:44

Hello,

I have upgraded the IPS version to 7.0.2 E3. Now I don't see missed packet errors, but I am still receiving the event retrieval error.

thanks

Zafar

Jennifer Halim Mon, 05/17/2010 - 00:48

If you are not retrieving any events from external server, you can turn that feature off.

Here is how you would turn it off:

Configuration --> Sensor Management --> Sensor Health --> untick Event Retrieval.

Hope that helps.

zafar12233 Mon, 05/17/2010 - 00:52

Hi,

Thanks a lot for your quick response.

Just one question: it shows in sensor health that "License time remaining --critical---no license".

It has been showing that since we purchased it.

Jennifer Halim Mon, 05/17/2010 - 00:59

Try to update the license directly via cisco.com:

Configuration --> Sensor Management --> Licensing --> Update from cisco.com

Without a license, you cannot update the signature pack to the latest version.

If the IPS subscription license has expired, you can purchase it to allow you to update to the latest signature pack.
