New Member

ASA 5515 IPS management access

Hello!

I cannot access the ASA IPS module.

I try from ASDM: Configuration->IPS. I type the username and password and see the following message: "Error connecting to sensor. Error loading sensor"

Could you please help me to correct my config?

I have a network topology like this:

http://www.cisco.com/image/gif/paws/113690/ips-config-mod-01.gif

My config

KR-ASA# sh run int gig 0/5
!
interface GigabitEthernet0/5
 nameif Inside
 security-level 100
 ip address 172.33.1.253 255.255.255.0 standby 172.33.1.254
!
interface Management0/0
 management-only
 no nameif
 security-level 0
 no ip address
!
KR-ASA# sh module ips details
App. name:          IPS
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:       7.1(4)E4
Data Plane Status:  Up
Status:             Up
License:            IPS Module  Enabled  perpetual
Mgmt IP addr:       172.33.1.251
Mgmt Network mask:  255.255.255.0
Mgmt Gateway:       172.33.1.253
Mgmt Access List:   172.33.1.0/24
Mgmt Access List:   172.34.1.0/24
Mgmt web ports:     443
Mgmt TLS enabled:   true
!
KR-ASA# ping 172.33.1.251
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.33.1.251, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!

Thank you!

   

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

ASA 5515 IPS management access

Hi Vladimir,

Yups, that is one issue which is seen. Java downgrade should fix this. If not, enable java debug logs and paste those here:

Go to control panel->right click java->Open->Advanced->Check all boxes under debugging and click radio button for show console

Run IDM from browser again and collect the data in java console window and paste it here.

-

Regards,

Sourav Kakkar

6 REPLIES
Cisco Employee

ASA 5515 IPS management access

Hi Vladimir,

Here is how packets are going to flow:

- From the management machine to the IPS.

- The IPS will reply directly to the mgmt machine if it is in the same subnet as the IPS.

- The IPS will reply through its DG, which is the ASA in this case, if the mgmt machine is not in the same subnet as the IPS; in that case appropriate config would be needed on the ASA.

Are you able to ping IPS from mgmt machine?

Check this link and see which scenario suits you (possibly 1):

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml

Once the necessary config is done, in case you get problems while accessing the IPS from ASDM, try the following from the same machine:

Open a browser and go to: https://172.33.1.251

HTH.

-

Regards,

Sourav Kakkar
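
Added example (not part of the original thread and not Cisco code): a small Python check that applies the packet-flow rules from the reply above to the management fields of the `sh module ips details` output posted in the question. The function names and the sample client addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the management fields copied from the
# `sh module ips details` output posted in this thread.
SAMPLE = """\
Mgmt IP addr:       172.33.1.251
Mgmt Network mask:  255.255.255.0
Mgmt Gateway:       172.33.1.253
Mgmt Access List:   172.33.1.0/24
Mgmt Access List:   172.34.1.0/24
Mgmt web ports:     443
Mgmt TLS enabled:   true
"""

def parse_mgmt(text):
    """Collect 'Mgmt <key>: <value>' lines; repeated keys become lists."""
    fields = {}
    for m in re.finditer(r"^Mgmt ([^:]+):[ \t]*(\S+)[ \t]*$", text, re.M):
        fields.setdefault(m.group(1), []).append(m.group(2))
    return fields

def check_client(text, client_ip):
    """Report how the sensor would treat a management host at client_ip."""
    f = parse_mgmt(text)
    client = ipaddress.ip_address(client_ip)
    sensor = ipaddress.ip_interface(f"{f['IP addr'][0]}/{f['Network mask'][0]}")
    # The sensor only answers management hosts covered by its access list.
    permitted = any(client in ipaddress.ip_network(net)
                    for net in f.get("Access List", []))
    # Same subnet: reply goes straight back. Otherwise it goes to the
    # default gateway (the ASA here), which then needs matching config.
    if client in sensor.network:
        path = "direct"
    else:
        path = "via gateway " + f["Gateway"][0]
    scheme = "https" if f["TLS enabled"][0] == "true" else "http"
    return {
        "permitted_by_access_list": permitted,
        "reply_path": path,
        "url": f"{scheme}://{sensor.ip}:{f['web ports'][0]}/",
    }

if __name__ == "__main__":
    # Hypothetical management hosts: same subnet, second permitted
    # subnet, and one outside the access list.
    for ip in ("172.33.1.10", "172.34.1.10", "10.0.0.5"):
        print(ip, check_client(SAMPLE, ip))
```

If all three checks pass for the management PC and the browser reaches the URL but IDM still fails to load, the network path is not the cause, which is where this thread ends up.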

New Member

ASA 5515 IPS management access

Hello, sokakkar!

Thank you for the reply!

Yes, scenario 1 is mine.

I can ping the IPS from my PC and from the ASA. ASA gig 0/5 and the IPS are in the same subnet - 172.33.1.0/24.

I can access https://172.33.1.251. I see an invitation to download asdm|idm software. But I cannot access the IPS from this software either.

https://supportforums.cisco.com/thread/2172962

Here is the same problem.

I will downgrade the Java version on my PC and try to access the IPS from ASDM.

From this link:

-This is one of the issues we have lately seen on the TAC and yes, it is 100% related to the java version on the PC because of the JAVA SSL Client Hello Format.

-Hi Guys, today I solved this issue. The problem is related to the JAVA version. ASDM works OK with java ver 7, but IDM does not work with this java version. I downgraded my java version from 7 to 6 and IDM now launches from ASDM.

New Member

ASA 5515 IPS management access

Hi, sokakkar!

I will try tomorrow and will let you know about the result.

Thank you for the help!

New Member

ASA 5515 IPS management access

Hi sokakkar!

I've installed java version 6. Everything is fine, I have access to IPS from ASDM. Thank you for the help!

Cisco Employee

ASA 5515 IPS management access

Hi Vladimir,

Sounds great! You really figured it out yourself!

Please rate the post which provided the solution.

-

Regards,

Sourav Kakkar
