Verify that you have accepted the Pix's SSH server key on the sensor:
Go to configure terminal and execute the "ssh host-key" command for your Pix ip address. The sensor will connect to the Pix and prompt you to accept the key.
Verify that you have configured network access service correctly:
Execute "show conf" and verify that "ssh-des" is configured as the communication protocol for your Pix. Also verify that you have a "shun-device-cfg" specified for your Pix. (Note: this has caused some confusion since the "shun-device-cfg" must first be defined with the username and passwords directly under the service networkacess command, and then again referenced when configuring the specific Pix device.)
Check the rest of the network access configuration like usernames and passwords, and ip addresses are correct.
Check "show statistics networkaccess"
This will let you know the current state of NAC (network access controller).
Additionally you can run "show events error" and provide a date and time from when the sensor was laster rebooted. Then look for any errors that NAC may be reporting.
Settings look good except for one. In the IDS under 'sh statistics networkaccess', I see STATE>NET DEVICE with the IP of the PIX. Below that I see STATE=INACTIVE.
"INACTIVE" doesn't sound good but I can't see any way to "activate" the device.
Also, I see the shuns being added in the IDS when I look at the NetworkAccess statistics. I see shuns and their time remaining. However, I do not see these in the PIX. So, obviously there's a comm problems.
All passwords and IPs are correct in NetworkAccess.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :