This doesn't seem like rocket science, but I'm a little stuck at the moment.
I have four ASA 5520s with AIP-SSM modules recently installed. Two of them went through the simple setup process, browsed to the IP address, happy days all working and available from SSH/browser.
The other two seem to have a problem. Done the setup process to bare minimum, but no answer to SSH or https.
I don't suppose you particularly need the config, but it's pasted below.
I've used the packet capture CLI and can see the https request and apparently an ACK going back out. So it seems to me that it's hitting the web server.
To add to that, I can ping the laptop I'm using from the IPS, I can trace through to remote sites, everything seems to be working except nothing showing up on the browser.
Any other gotchas I've missed, it's driving me mad now, a seemingly simple setup that already works on two other boxes :-)
13:41:22.480995 IP l04096.net.local.53517 > IPS-01-P.443: S 1652511892:1652511892(0) win 8192 <mss 1260,nop,nop,sackOK>
13:41:22.481034 IP IPS-01-P.443 > l04096.net.local.53517: S 1100273020:1100273020(0) ack 1652511893 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
13:41:22.659153 IP IPS-01-P.443 > l04096.net.local.53517: S 1100273020:1100273020(0) ack 1652511893 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
Not sure why it sends two identical replies in quick succession? Looking at that capture I would have guessed they were maybe some kind of ACK, but Wireshark shows they're SYNs (definitely no ACK set). I'm expecting to see SYN-SYNACK-ACK, but I'm seeing SYN-SYN-SYN.
I've now confirmed that Wireshark at my laptop receives these two packets, but the browse session still fails. Nothing more happens.
Any ideas chaps?
Is there an absolute reset of these modules? I'm never convinced that hw-mod mod 1 reset is doing everything?
IPS-01-P# sh conf
! Current configuration last modified Wed Feb 01 12:34:44 2012
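An added example, not part of the original post: in the legacy tcpdump text format used in the capture above, a line with flag `S` followed by an `ack` field is a SYN with the ACK bit set, and a server repeats it when it has not received the client's final ACK. The sketch below parses the three quoted lines and reports the handshake state; the function names are illustrative, and it assumes one connection per capture.

```python
import re

# Legacy tcpdump text format: "time IP src > dst: FLAGS [seq:seq(len)] [ack N] ..."
LINE_RE = re.compile(
    r"^(?P<ts>[\d:.]+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+)"
    r"(?: (?P<seq>\d+):\d+\(\d+\))?(?: ack (?P<ack>\d+))?"
)

# The three capture lines quoted in the post above.
CAPTURE = """\
13:41:22.480995 IP l04096.net.local.53517 > IPS-01-P.443: S 1652511892:1652511892(0) win 8192 <mss 1260,nop,nop,sackOK>
13:41:22.481034 IP IPS-01-P.443 > l04096.net.local.53517: S 1100273020:1100273020(0) ack 1652511893 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
13:41:22.659153 IP IPS-01-P.443 > l04096.net.local.53517: S 1100273020:1100273020(0) ack 1652511893 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
"""

def parse(text):
    """Return one dict per TCP line with src, dst, seq, ack and a 'kind' label."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        p = m.groupdict()
        p["seq"] = int(p["seq"]) if p["seq"] else None
        p["ack"] = int(p["ack"]) if p["ack"] else None
        syn, acked = "S" in p["flags"], p["ack"] is not None
        p["kind"] = "SYN-ACK" if syn and acked else "SYN" if syn else "ACK" if acked else "OTHER"
        packets.append(p)
    return packets

def handshake_report(packets):
    """Summarise the first handshake: SYN-ACK copies and whether a client ACK followed."""
    syn = next((p for p in packets if p["kind"] == "SYN"), None)
    if syn is None:
        return {"state": "no SYN seen", "synack_copies": 0}
    # A SYN-ACK answers the SYN when it acknowledges the client's sequence number + 1.
    synacks = [p for p in packets if p["kind"] == "SYN-ACK"
               and p["dst"] == syn["src"] and p["ack"] == syn["seq"] + 1]
    client_ack = any(p["kind"] == "ACK" and p["src"] == syn["src"]
                     and p["dst"] == syn["dst"] for p in packets)
    if not synacks:
        state = "SYN unanswered"
    elif client_ack:
        state = "handshake completed"
    else:
        state = "SYN-ACK sent, no client ACK in capture"
    return {"state": state, "synack_copies": len(synacks)}

if __name__ == "__main__":
    print(handshake_report(parse(CAPTURE)))
```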