AIP SSC and SSM having issues with the changes being made to the default configuration.
We began some larger signature retirements as of s612 (which you've probably already noticed) and have continued retiring in each successive release. Each release is tested on a heavily loaded lower capacity sensor before publishing the update to CCO for download.
Just wanted to make you all aware that we've seen a few cases, under certain conditions where the sensor is hitting a high memory mark and may not apply the changes during a signature update. However, after a restart of the sensor, all the changes are in effect.
Specifically, we've seen a few instances where the SSC-5 and the SSM-10; which are the two smallest capacity IPS cards for the ASA, unable to complete an update when starting at either 6.2(4)e4 or 7.0(6)e4 s549, then jumping up to s614 and s615. These were an application image recovery and then an immediate attempt to update to the most current signature update level. This is jumping 60+ signature update levels, with some large configurations changes happening after s611, on one of the two smallest AIP cards for the ASA.
To avoid the out of memory issues when updating signature levels, we're recommending updating to s611 in smaller increments and then applying s612 and each subsequent release in order, one at a time, until the most recent signature update level is reached.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :