Support User Manuals

Cisco Systems IPS4520K9 Network Router User Manual

Open as PDF

of 460

E-76

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1

OL-24002-01

Appendix E Troubleshooting

Troubleshooting the ASA 5585-X IPS SSP

Traffic Flow Stopped on IPS Switchports

Problem

Traffic on any port located on the ASA 5585-X IPS SSP (1/x) no longer passes through the

adaptive security appliance when the ASA 5585-X IPS SSP is reset or shut down. This affects all traffic

through these ports regardless of whether or not the traffic would have been monitored by the IPS. The

link on the ports will link down when the ASA 5585-X IPS SSP is reset or shut down.

Possible Cause

Using the ports located on the ASA 5585-X IPS SSP (1/x), and resetting or shutting

it down via any mechanism.

Solution

Use the ports on the adaptive security appliance (0/x) instead because those ports do not lose

their link when the ASA 5585-X IPS SSP is reset or shut down.

Health and Status Information

To see the general health of the ASA 5585-X IPS SSP, use the show module 1 details command.

asa# show module 1 details

Getting details from the Service Module, please wait...

ASA 5585-X IPS Security Services Processor-20 with 8GE

Model: ASA5585-SSP-IPS20

Hardware version: 1.0

Serial Number: ABC1234DEFG

Firmware version: 2.0(1)3

Software version: 7.1(1)E4

MAC Address Range: 8843.e12f.5414 to 8843.e12f.541f

App. name: IPS

App. Status: Up

App. Status Desc: Normal Operation

App. version: 7.1(1)E4

Data plane Status: Up

Status: Up

Mgmt IP addr: 192.0.2.3

Mgmt Network mask: 255.255.255.0

Mgmt Gateway: 192.0.2.254

Mgmt Access List: 10.0.0.0/8

Mgmt Access List: 64.0.0.0/8

Mgmt web ports: 443

Mgmt TLS enabled true

asa

The output shows that the ASA 5585-X IPS SSP is up. If the status reads

Down

, you can reset it using the

hw-module module 1 reset command.

asa# hw-module module 1 reset

The module in slot 1 should be shut down before

resetting it or loss of configuration may occur.

Reset module in slot 1? [confirm]

Reset issued for module in slot 1

asa# show module 1 details

Getting details from the Service Module, please wait...

Unable to read details from slot 1

ASA 5585-X IPS Security Services Processor-20 with 8GE

Model: ASA5585-SSP-IPS20

Hardware version: 1.0

Serial Number: ABC1234DEFG

Firmware version: 2.0(7)0

Software version: 7.1(1)E4

MAC Address Range: 5475.d029.7f9c to 5475.d029.7fa7

App. name: IPS

previous next