What could be the reason for ASA throwing this syslog everyday exactly when the signatures are configured for auto-update:
%ASA-6-420005: Virtual Sensor vs0 was deleted from the AIP SSM
As per Cisco documentation, vs0 cannot be deleted.
Immediately after the above message, following message is generated:
%ASA-1-323006: Module ips experienced a data channel communication failure, data channel is DOWN.
Then, after around a minute, following syslog is generated telling that vs0 was added back to the IPS:
%ASA-6-420004: Virtual Sensor vs0 was added on the AIP SSM
And finally, we get following syslog showing that IPS module is back up:
%ASA-1-505011: Module ips data channel communication is UP
So, it looks like that somehow, vs0 gets deleted from the IPS module which results in IPS experiencing data channel communication failure. Then vs0 automatically gets added back and IPS comes back up.
The cycle of above syslogs is seen daily at the same time.
Please note that we don't have license present on the IPS module.
So, it looks like this is what could be happening:
- At configured update time everyday, the IPS module tries upgrading the signature. The signatures get downloaded successfully and when IPS module tries to apply them, it realizes that the license is missing, so it tries to roll back and that’s when all those messages start coming up (even though still vs0 shouldn’t have been deleted)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...