Cisco Systems IPS4520K9 Network Router User Manual


  Open as PDF
of 460
 
E-64
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the ASA 5500-X IPS SSP
Two ASA 5500-Xs in Fail-Close Mode
If the ASAs are configured in fail-close mode, and if the ASA 5500-X IPS SSP on the active ASA
experiences a configuration change or a signature/signature engine update, traffic is stopped from
passing through the active ASA. No failover is triggered.
If the ASAs are configured in fail-close mode, and if the ASA 5500-X IPS SSP on the active ASA
experiences a SensorApp crash or a service pack upgrade, failover is triggered and traffic passes
through the ASA 5500-X IPS SSP that was previously the standby for the ASA 5500-X IPS SSP.
Configuration Examples
Use the following configuration for the primary ASA:
interface GigabitEthernet0/7
description LAN Failover Interface
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
Use the following configuration for the secondary ASA:
interface GigabitEthernet0/7
description LAN Failover Interface
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
Health and Status Information
To see the general health of the ASA 5500-X IPS SSP, use the show module ips details command.
asa# show module ips details
Getting details from the Service Module, please wait...
Card Type: IPS 5555 Intrusion Prevention System
Model: IPS5555
Hardware version: N/A
Serial Number: FCH1504V0CW
Firmware version: N/A
Software version: 7.1(3)E4
MAC Address Range: 503d.e59c.7ca0 to 503d.e59c.7ca0
App. name: IPS
App. Status: Up
App. Status Desc: Normal Operation
App. version: 7.1(3)E4
Data Plane Status: Up
Status: Up
License: IPS Module Enabled perpetual
Mgmt IP addr: 192.168.1.2
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 192.168.1.1
Mgmt web ports: 443
Mgmt TLS enabled: true
asa#
 previous next