After upgrading to latest version IPS 7.0(7)E4, the IPS is not up right. In the ASA it appears Not Aplicable and i need to restart the module. Sometime later the IPS appears again Not Aplicable. I can not access via ssh or ASDM, only session 1.
I use Radius to autenthicate and local user if radius fail.
I do have the same issue. Just uupgraded AIP-SSM IPS module from 7.0.5a to 7.0.7 - the module reloaded after upgrade as expected and then went also into unresponsive. A hw-module reload was not possible, than moved (after waiting a period of time) to hw-module shut und reset.
Afterwards the module was running, but login via ASA session, SSH and HTTPS was always denied. I'm also using external radius authentication. Sadly also the local user is not able to login anymore. To make things even worser: I did a password recovery for the cisco users, I'm able not to login via session but the cisco User is read-only. I've always maintained the device with a separate local users, where it seems there is no remote password recovery method.
I'll now look physically with a console cable, if I could find something.
For me it looks like either I've oversean something in the release notes or the new version is not been tested very well? (I've upgrading regularly during the year since at least three years without such issues.)
thank you - quite clear, did excatly the same just some minutes before your post. If reverted back to 7.0.5a, which is now working again as expected. Meaning (for documentation propose if other users do run into the same issue):
- hw-module module 1 shutdown
- hw-module module 1 reset
- hw-module module 1 recover configure
- using IPS-SSM_40-K9-sys-1.1-a-7.0-5a-E4.img
- hw-module module 1 recover boot
- login via session 1 cisco/cisco, set new password and go thru initial setup process
- reconfigure (copy/paste) with old config via cli session
- done ;-)
Radius Support seems still buggy, as I remeber is has been added some number of versions ago but also never reached the CLI AAA part. So I guess radius is somehow still not fully tested / undervalued. Just a guess.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :