01-21-2007 08:44 AM - edited 03-10-2019 03:26 AM
I configured my AIP-SSM sensor running IPS 6 to connect to the CSA MC, but I get a connection failure. The sensor is showing the following error when trying to connect:
evError: eventId=1168311248090659938 severity=warning vendor=Cisco
originator:
hostId: os-ips
appName: externalProductInterface
appInstanceId: 317
time: 2007/01/20 02:50:22 2007/01/19 20:50:22 GMT-06:00
errorMessage: name=errNotAvailable Failure opening a subscription on the Management Center for Cisco Security Agents external interface at 1.1.1.1: Parse response found a different element when expecting the SOAP Envelope element
Solved! Go to Solution.
01-22-2007 12:46 PM
If your CSAMC is version 5.0 then can you please set the url to /csamc50/sdee-server and retry after enabling the interface.
thx
Madhu
01-22-2007 08:53 AM
Can you please paste your config under service external-product-interface on the server? I am specifically looking for the url you have configured.
thx
Madhu
01-22-2007 12:12 PM
The interface is currently disabled, but I think you'll get the picture.
---
cisco-security-agents-mc-settings (min: 0, max: 2, current: 1)
-----------------------------------------------
ip-address: 1.1.1.1
-----------------------------------------------
interface-type: extended-sdee
enabled: no default: yes
url: /csamc/sdee-server
port: 443
use-ssl
-----------------------------------------------
always-yes: yes
-----------------------------------------------
username: adminuser
password:
host-posture-settings
-----------------------------------------------
enabled: yes default: yes
allow-unreachable-postures: yes
posture-acls (ordered min: 0, max: 10, current: 1 - 1 active, 0 inactive)
-----------------------------------------------
ACTIVE list-contents
-----------------------------------------------
NAME: 1-subnet
-----------------------------------------------
network-address: 192.168.1.0/24
action: permit
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
watchlist-address-settings
-----------------------------------------------
enabled: yes
manual-rr-increase: 25
session-rr-increase: 25
packet-rr-increase: 10
01-22-2007 12:46 PM
If your CSAMC is version 5.0 then can you please set the url to /csamc50/sdee-server and retry after enabling the interface.
thx
Madhu
01-22-2007 03:40 PM
Ah ha! I missed that. I'm using 5.1 and made the change; it now shows the connection as active.
Thanks!
01-22-2007 01:06 PM
This error indicates that the IPS is trying to establish communication with the CSA MC, and the CSA MC is returning an unexpected response.
A couple reasons you may be seeing this error:
1. I noticed that the error message says that the IPS is configured to talk to a CSA MC with the IP address 1.1.1.1. Is this the correct IP address for the MC - I?m thinking that the message?s actual IP address was changed before posting for security reasons?
2. For currently shipping and past versions of CSA MC, the CSA MC?s URL has to be configured in the IPS:
* If the CSA MC is version 5.1 (most likely) then configured the URL to be: /csamc51/sdee-server
* If the CSA MC is version 5.0 then configured the URL to be: /csamc50/sdee-server
* Also, if the CSA MC is version 5.0 then be sure to apply the latest patches to the CSA MC since the unpatched versions had issues that caused communication failures and loss of data.
* Note: The next CSA MC release will eliminate the need to set the URL.
Let me know whether this fixes the problem.
Regards,
Jeff
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: