Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASDM and AIP-SSM

I have upgraded the AIP to version 6.0 and I should be able to now launch the IPS module in ASDM, but instead I get an error - unable to connect too sensor. I can access the sensor just fine from IE.

6 REPLIES
Green

Re: ASDM and AIP-SSM

Are you trying the correct ip address? Does the ASA have a route to this ip?

Community Member

Re: ASDM and AIP-SSM

More info: The person sitting next too me has not issues. From ASDM he can launch IPS inside ASDM, so I know it does work. Yes I the correct IP address is being displayed in ASDM. No there is not a route in the ASA because the IP address of the AIP-SSM is in the same subnet as the inside interface of the ASA. Yes I do have a cable connecting the AIP-SSM management port to an internal switch.

Green

Re: ASDM and AIP-SSM

Is the ASA an "allowed host"?

service host

network settings

access-list /32

Community Member

Re: ASDM and AIP-SSM

Great question. Actually I have it open for the entire class B network range. Someone sitting right next too me can get it too work but I can't.

Green

Re: ASDM and AIP-SSM

The guy next to you has no problem connecting through ASDM to the same ASA you are trying or a completely different ASA?

edit: Also is ssl enabled on the sensor?

service web-server

enable-tls

port 443

Community Member

Re: ASDM and AIP-SSM

Yes it is. Just to make things a little easier here is my config for the AIP-SSM:

! ------------------------------

! Current configuration last modified Wed May 02 12:35:15 2007

! ------------------------------

! Version 6.0(1)

! Host:

! Realm Keys key1.0

! Signature Definition:

! Signature Update S274.0 2007-03-01

! Virus Update V1.2 2005-11-24

! ------------------------------

service interface

exit

! ------------------------------

service authentication

exit

! ------------------------------

service event-action-rules rules0

overrides deny-packet-inline

override-item-status Enabled

risk-rating-range 90-100

exit

exit

! ------------------------------

service host

network-settings

host-ip x.x.18.253/27,x.x.18.225

host-name sensor

telnet-option disabled

access-list x.x.0.0/16

exit

time-zone-settings

offset -420

standard-time-zone-name GMT-07:00

exit

summertime-option recurring

offset 60

summertime-zone-name GMT-07:00

start-summertime

month march

week-of-month second

day-of-week sunday

time-of-day 02:00:00

exit

end-summertime

month november

week-of-month first

day-of-week sunday

time-of-day 02:00:00

exit

exit

exit

! ------------------------------

service logger

exit

! ------------------------------

service network-access

exit

! ------------------------------

service notification

exit

! ------------------------------

service signature-definition sig0

exit

! ------------------------------

service ssh-known-hosts

exit

! ------------------------------

service trusted-certificates

exit

! ------------------------------

service web-server

enable-tls true

port 443

exit

! ------------------------------

service anomaly-detection ad0

exit

! ------------------------------

service external-product-interface

exit

! ------------------------------

service analysis-engine

virtual-sensor vs0

physical-interface GigabitEthernet0/1

434
Views
0
Helpful
6
Replies
CreatePlease to create content