Core issue

This issue is due to the presence of Cisco bug ID CSCsg35760.

In this issue, the Intrusion Prevention System (IPS) sensor reports that 100 percent packets are dropped / missed. This issue can be confirmed with these commands in the service account:

• cat /proc/net/cisco/ge0_1.info In the output of this command, the Rx_Packets count does not increase, the RX_FIFO_Errors increase, and the RX Debug field has a non-zero static hex value for RC:XX, where XX is normally 0.
  
  
• cat /proc/interrupts In the output of this command, notice that the interrupt counter for ge0_1 does not change over time.

In certain cases, the show statistics analysis-engine command shows this error message:

Error: getAnalysisEngineStatistics : ct-sensorApp.351 not responding, please check system processes - The connect to the specified Io::ClientPipe failed.

Resolution

The workaround for this issue is to reload the Advanced Inspection and Prevention Security Services Module (AIP-SSM) IPS module with the hw-module module 1 reload command, and tune any noisy signatures in order to lighten the sensor load.

In order to completely resolve this issue, download and upgrade the IPS sensor module to version 5.1(5) from Cisco Downloads.

Refer to the Reloading, Shutting Down, Resetting, and Recovering AIP-SSM section of Configuring AIP-SSM for more information.

Problem Type

Troubleshoot software feature

Product Family

IDS/IPS - modules (IDSM-1, IDSM-2)

ASA Hardware & Software