cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
770
Views
0
Helpful
1
Replies

Not able to login to IPS with GUI and No IPS command in policy map!!

RAMACHANDRA R
Level 1
Level 1

Hi,

AIP SSM 20 is up and running not able to login through ASDM or browser, and not able direct the traffic to IPS module through asa command line intrestingly not able to see ips command     in policy map. if some one can guide me how to get it work.

Please find the IPS Module status. and some commands for your observation.

ASA-5520# sh module

Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5520 Adaptive Security Appliance         ASA5520            JMX1345L1UG
  1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF1343AKHQ

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 0026.cb49.1033 to 0026.cb49.1037  2.0          1.0(11)5     8.2(1)
  1 0026.cba2.b9a2 to 0026.cba2.b9a2  1.0          1.0(11)5     7.0(2)E3

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
  1 IPS                            Up               7.0(2)E3

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
  1 Up                 Up

ASA-5520#

no command ips inline command

ASA-5520# conf t
ASA-5520(config)# class-
ASA-5520(config)# class-map route-to-ips
ASA-5520(config-cmap)# m
ASA-5520(config-cmap)# ma
ASA-5520(config-cmap)# mat
ASA-5520(config-cmap)# match an
ASA-5520(config-cmap)# match any
ASA-5520(config-cmap)# exit
ASA-5520(config)# ploi
ASA-5520(config)# poli
ASA-5520(config)# policy-map ips-policy
ASA-5520(config-pmap)# cla
ASA-5520(config-pmap)# class route-to-ips
ASA-5520(config-pmap-c)# class route-to-ips ?

mpf-policy-map mode commands/options:
  <cr>

configure mode commands/options:
  <cr>
ASA-5520(config)# class route-to-ips
ASA-5520(config-cmap)# ?

MPF class-map configuration commands:
  description  Specify class-map description
  exit         Exit from MPF class-map configuration mode
  help         Help for MPF class-map configuration commands
  match        Configure classification criteria
  no           Negate or set default values of a command
  rename       Rename this class-map
ASA-5520(config-cmap)# ip?

configure mode commands/options:
  ip    ipsec    ipv6
ASA-5520(config-cmap)# ips
ASA-5520(config-cmap)# ipsec ?

configure mode commands/options:
  df-bit                Set IPsec DF policy
  fragmentation         Set IPsec fragmentation policy
  security-association  Set security association parameters
  transform-set         Define transform and settings
ASA-5520(config-cmap)# ips inline fa
ASA-5520(config-cmap)# ips inline
                           ^
ERROR: % Invalid input detected at '^' marker.
ASA-5520(config-cmap)# ips inline fail-close
                           ^
ERROR: % Invalid input detected at '^' marker.
ASA-5520(config-cmap)# ips ?

configure mode commands/options:
  df-bit                Set IPsec DF policy
  fragmentation         Set IPsec fragmentation policy
  security-association  Set security association parameters
  transform-set         Define transform and settings
ASA-5520(config-cmap)#

ASA-5520(config-cmap)# sho ips
Sensor Name      Sensor ID
-----------      ---------
vs0              1
ASA-5520(config-cmap)# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

Regrads

Rama

1 Reply 1

fsebera
Level 4
Level 4

Rama,

First, PLEASE understand, if you would like help, you should make it easy for folks to see your information clearly.

The text you pasted in below is full of syntax errors that busy folks don't have time to sort through.

Also using a fixed space font (courier, or courier new) will help align the details as-well.

I found that running I.E. with Java version pre 1.6 works VERY well.

Hope this helps!

Frank

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: