Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS Module no longer processing traffic following signature update?

Our AIP-SSM-20 module no longer seems to be processing any traffic from our ASA5540.

I have it set-up to log to our CSMARS system. A few days ago, I noticed the CSMARS was showing “inactive CSMARS reporting device” and when I checked the IPS events from the module using IME there were no events at all - not even low or informational.

Similarly, if I use show stat virtual-sensor vs0 on the IPS module the number of packets processed is no longer incrementing.

When I checked when I last received an event successfully, it coincided with when the IPS had auto-updated with signature S406. It has since also auto-updated with S407. Apart from this, nothing has changed config-wise on either the IPS module or the ASA itself so I cannot understand why the traffic no longer seems to be getting processed.

Any suggestions on what the problem could be? Is it possible something has gone wrong with the auto signature update and, if so, is there any way I can remove the last 2 signature updates to see if traffic is processed again?

Any advice would be welcome!


New Member

Re: IPS Module no longer processing traffic following signature

I should have guessed - a reboot of the IPS sensor seems to have solved this particular problem.

Traffic is being processed again following the sensor reboot.

Problem resolved.

Re: IPS Module no longer processing traffic following signature

Hi Neil,

I know you mentioned this was resolved with a reboot, but what version of code are you running on the module? I had the same problem on one of my two SSMs and upgrading to 7.0(1)E3 seems to have resolved it. I have not had another failure following a signature update since.



Re: IPS Module no longer processing traffic following signature

We have experienced signature updates locking up a sensor on just about every hardware platform and most (if not all) software versions. This is one of the reasons why we do not perform automatic signature or software updates. We also watch for sensors going silent with a heartbeat sig.