Cisco IPS ASA SSM - 10

I use an IPS SSM-10 on an ASA. Currently it is recording these event alerts.

Where does the IPS keep all the event logs? On disk?

Where can I see how much space I have left?

Does it shut off if the space is full?

You don't need to delete it; it's CIRCULAR and will replace itself. More information can be found here:

http://www.Cisco.com/en/us/docs/security/IPS/6.0/Configuration/Guide/CLI/cliArch.html#wp1010399

The command is "clear events".

You cannot remove "individual" events. It's all or nothing.

Yes, the best way is to set the IPS for the false positives: either edit/disable the unwanted signature or use event action filters.

Regards,

Farrukh

Tags: Cisco Security

Similar Questions

  • Update license of IPS ASA - SSM

    Hello

    We have an ASA-SSM-20 IPS, the license has expired and we purchased a Smartnet contract for the device.

    I would like to know how to upgrade the license.

    We tried to do it through ASDM and chose the option to update from cisco.com. We got the following error:

    internal error. Unable to send the license request. -4: unable to proxy transparent tunnel. Proxy returns "HTTP/1.1 403 Forbidden.

    How can we solve this problem, or, if we use the other option, how do we get the license file?

    Best regards

    It seems that your AIP-SSM20 is configured to use an http proxy to connect to the Internet. If you allow the IP address of the AIP-SSM20 management in your web proxy, it may solve your problem.

    If this isn't the issue, you can always apply a license manually. Download your license file here:

    https://Tools.Cisco.com/swift/LicensingUI/home

    and apply via the ASDM or the CLI

    -Bob

  • ASA-SSM-20 IPS password reset

    Hi all

    We need to reset/recover the password; for some reason, we lost the password for the ASA-SSM-20 IPS module.

    Please let us know the procedure, as the hw-module password reset command does not work.

    To use the hw-module password reset command, you must have ASA version 7.2.2 or later.

  • Certificate of host IPS ASA-SSM-20

    Hello!

    When I run the show ver command on my IPS, this message appears: "host certificate valid from: November 26, 2009-November 27, 2011". Does anyone know what this means, and how can I renew it?

    Regards,

    Edmundo

    Simple...

    Make sure your sensor time shows the correct date and time

    and run the command below:

    # tls generate-key

    Note: If you have added this feature to CSM or IME, you must retrieve the new certificate of the device to maintain the accessibility of the device.

    Hope that helps.

    Thank you

    Suresh.

  • ASA-SSM-20/40 IPS Software upgrade question

    I'm looking to upgrade the IPS modules (ASA-SSM-20 and ASA-SSM-40) on two different ASAs to version 7.1(11)E4 per this field notice:

    http://www.Cisco.com/c/en/us/support/docs/field-notices/640/fn64080.html

    My question is whether traffic through the firewall is affected during this update and the subsequent restart of the IPS module.

    On the ASAs, a service policy is in place that will allow the traffic in the case where the IPS module becomes unavailable.  Will this actually happen during the update?

    Suggestions and comments are welcome.

    Thanks in advance.

    John

    If your IPS is inline and set to fail open, then the traffic through the ASA (assuming a standalone ASA that is not part of an HA pair) will not be affected when the IPS service module reloads.

    If an ASA is in an HA pair and a service (ips, cxsc, or sfr) module fails, it will by default trigger a failover event. (ASA 9.5 introduces the possibility to change this behavior.) The result is the same - no service interruption (although TCP connections may need to be re-established if you have not configured stateful failover).

  • Recording capacity for ASA firewall using ASA-SSM-20 IPS module.

    Hello

    Please could someone give some tips on how to get the ASA-SSM-20 to log information to something like Kiwi Syslog, etc. We just need the IPS alerts to trigger the SMS/email feature to alert the various intervention teams.

    Thank you

    Unfortunately, no syslog support.

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00807335ca.shtml

    You can configure rules to send snmp traps, and you can pull events using CETS, IPS Manager Express and Cisco.

    If you have logging enabled on the ASA, a syslog message appears when the IPS is asking or blocking traffic.

    Here is a link to the IPS configuration guides:

    http://www.Cisco.com/en/us/products/HW/vpndevc/PS4077/tsd_products_support_configure.html

  • Cisco ASA-SSM-20 analysis engine error...

    I get this error on my IPS. I restarted the sensor a couple of times but it stops again, and signature updates do not go through during this time, or so it looks.  I've heard of Cisco ID: CSCuc34812 but there isn't really any information available on this subject.  Has anyone else running an ASA-SSM-20 experienced this problem and managed to resolve it?

    Hello

    All sensors should have a virtual sensor attributed to them, so they can inspect the traffic.

    I connected to IPS2 and ran the following commands to assign the virtual sensor:

    service analysis-engine

    virtual-sensor vs0

    physical-interface GigabitEthernet0/1

    That's right!

    I guess that's how it should be?  How has IPS 2 managed to send me notifications if there are no virtual sensors assigned to it?

    We need to determine the type of notifications which the IPS was sending (they could be related to the IPS itself, system notifications).

    Is there a CLI command to confirm the IPS is active?  I have to assume that my upgrade caused these problems?

    On the ASA:

    Do sh service-policy and determine the number of packets exchanged between the IPS and the ASA.

    Kind regards

  • Ssm - 20 upgrade: cisco ips canceled upgrade because...

    Hi all

    I have upgraded our ASA 55402 with SSM-20 modules.

    Upgrading a module version 7.0000 E4 to of 6,0000 E4 everything went well.

    However, the other returned the following error when I tried to upgrade the image and recovery partition:

    -cisco ips update cancelled because another upgrade or downgrade is underway

    The firewall that I intend to upgrade is passive.

    ASA firmware: v9.1.1.

    I searched the Internet and this forum.

    Has anyone run into this?

    Thanx

    Jaap

    "hw-module module 1 reset": it causes no problems at all.

  • ASA 5505 IPS module Cisco ASA-SSC-AIP-5 Auto Update

    Automatic update no longer works after November 14, 2014

    Cisco Intrusion Prevention System, Version 5,0000 E4, SSC-AIP-5

    Error: automatic update has selected a package ([https:[email protected] / * *///swc/esd/11/273556262/guest/IPS-sig-S838-req-E4.pkg) to the cisco.com Locator service, however, the package download failed: the host is not approved. Add TLS certificates approved of the host system.

    Automatic update worked without problems until November 14, 2014.

    I've added TLS trusted hosts

    # tls trust-facilitators
    72.163.4.161
    72.163.7.60

    Still facing the same issue

    Understand How the Cisco IPS Automatic Signature Update Feature Works

    http://www.Cisco.com/c/en/us/support/docs/security/IPS-sensor-software-version-71/113674-IPS-automatic-signature-update-00.html

    The IPS uses the file transfer protocol defined in the file download data URL learned in the server manifest (currently uses HTTP (TCP 80)).

    The problem I see is that before Nov 14 it fetched the signature file with HTTP (works fine)

    but now it's trying with HTTPS instead.

    A single session against 72.163.4.161 (has always been HTTPS)

    A single session against 72.163.7.60, previously HTTP, now it uses HTTPS

    Does anyone have a solution?

    Fixed.

    The problem with the locator service should be fixed now and you can continue to use auto-update over HTTP.

  • ASA-SSM-10 inspection load 100% (version 7.0(5a)E4)

    Hi all

    I have a challenge with the IPS module in an ASA5520, an ASA-SSM-10. When we start a test connecting to Web servers, I get 100% inspection load and the traffic/performance slows down.

    We test with 63000 sessions per minute, producing a load from the test servers (clients) to the web servers of 20,000 Kbps, and traffic from the web servers back to the test servers (clients) of 75.000 kbits/sec.

    Can you please advise what to do, because we cannot go live with this environment until this is fixed.

    Thanks in advance,

    Erik Verkerk.

    We have not used inspection load to determine appropriate sensor performance; instead, we have relied on the "percentage of missed packets" reported by the sensor. When the sensor gets into trouble, it will begin to miss packets for inspection, and this causes the sensor to wrongly determine the TCP state for some of the connections. This causes the sensor to use more resources than necessary to inspect traffic, leading to more missed packets.

    This is called the "death spiral" and we try to avoid it as much as possible.

    Cisco has a long and proud history of providing 'blue sky' performance numbers for their products. We used to cut their IPS sensor performance numbers by half, but they made improvements over the years and now we take only about 1/3 off the reported values. You can see for yourself with real, live production traffic.

    I haven't found the number of signatures to affect sensor performance in a meaningful way unless you touch abnormally difficult or lit a large number or tuned to perform many actions per second.

    -Bob

  • Equivalent to show disk0: ASA-SSM-10

    Hi, are you able to see the contents of the disk on an ASA-SSM-10 module, like the show disk0: command on my 5510? I know that it has an internal flash drive... Is that where the image files, configuration and software are? Can we see these files and copy them to a TFTP server?

    See you soon

    Phil

    Hi Philippe,

    You can view this content through the IPS service account. The downside is that you can access it only under the supervision of TAC. If you want to see the configuration you can do a show config; if you want to see what version you are running you can do this through the show version command.

    HTH

    Luis Silva

    "If you need IDP (planning, design, implementation) assistance do not hesitate to contact us.

    http://www.Cisco.com/Web/partners/tools/pdihd.html

  • Step how to configure ASA 5500 Series Security Services Module-10 (model: ASA-SSM-10)

    Dear support,

    I need to configure the Security Services Module-10 (model: ASA-SSM-10) on my ASA 5510 firewall. Could you provide the configuration steps and how to connect to the module?

    Here is the information on the module

    ciscoasa(config)# sh module 1 details
    Getting details from the Service Module, please wait...
    ASA 5500 Series Security Services Module-10
    Model:              ASA-SSM-10
    Hardware version:   1.0
    Serial Number:      JAF1115066U
    Firmware version:   1.0(11)2
    Software version:   1.0000 E1
    MAC Address Range:  001a.e268.5aa9 to 001a.e268.5aa9
    App. name:          IPS
    App. Status:        Up
    App. Status Desc:
    App. version:       1.0000 E1
    Data plane Status:  Up
    Status:             Up
    Mgmt IP addr:       133.1.9.144
    Mgmt web ports:     443
    Mgmt TLS enabled:   true

    Your help is very much appreciated.

    Thank you

    Best regards

    Hi Sothengse,

    Please find the sample AIP SSM module configurations below. You can go through these to begin with.

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

    https://www.YouTube.com/watch?v=FgYU5ZXwk4g

    Regards,

    Knockaert

  • ASA-SSM-10 upgrade with no license or signatures

    I successfully upgraded our ASA-5510 with the latest version of the software.

    Our IPS module (ASA-SSM-10), however, seems to be at factory default settings, with only an IP address configured and without any license or certificates. Can the ASA-SSM-10 module be upgraded without licenses or certificates? In addition, by using PuTTY I am able to connect to the ASA-SSM-10 module and ping the module and my laptop, which I have connected via the management port. I am unable to ping from the laptop to the ASA-SSM-10 module, though.

    Investigating further: apart from the management port IP address, there is no VLAN, GW, image URL or port IP address configured. Is there a simple way to upgrade the software on the ASA-SSM-10 without affecting our two ASA-5510s that are configured for failover?

    I suppose I can set up a VLAN, GW and port address to get my laptop to ping the ASA-SSM-10 module, to upgrade without affecting our ASA-5510s that are configured for failover.

    You can attach more licenses for the legacy IPS until April 26. But the question is whether it is worth spending time and money on it at present. The legacy IPS is dead and you should focus on Firepower for IPS. But that does not work on your hardware.

  • Does reloading an ASA-SSM affect the firewall itself?

    We lost the login information for the IPS-SSM on our ASA 5520. It seems we should re-image the module with a more recent software version. It is currently not in use, i.e. there are no rules for it on the firewall. Will this process take the firewall offline at all?

    Sh command output:

    Firewall03# show module 1

    Mod Card Type                                    Model              Serial No.
    --- -------------------------------------------- ------------------ -----------
      1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         xxxxxxx

    Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
    --- --------------------------------- ------------ ------------ ---------------
      1 001b.0ce2.xxxx to 001b.0ce2.xxxx  1.0          1.0(11)2     5,0000 E1

    Mod SSM Application Name           Status           SSM Application Version
    --- ------------------------------ ---------------- --------------------------
      1 IPS                            Up               5.1(5)E1

    Mod Status             Data Plane Status     Compatibility
    --- ------------------ --------------------- -------------
      1 Up                 Up

    Firewall03# show module 1 recover

    Module 1 recover parameters...
    Boot Recovery Image: No
    Image URL:           ftp://0.0.0.0/ t
    Port IP Address:     0.0.0.0
    Gateway IP Address:  0.0.0.0
    VLAN ID:             0

    No, it should not affect the operation of the firewall at all. It would be affected only if you use it inline with fail-close mode enabled.

  • CSM update of AIP-SSM IPS

    Hi all

    I need help. I'm setting up my CSM 3.1 to apply the update to my AIP-SSM IPS.

    I went to the IPS tab, apply, and chose update from cisco.com. But it is still processing after a long time.

    I tried to enter my username and password for the sensors or the BCC account but still no improvement. Does anyone know how to configure it? I tried to read the user guide but there are no examples.

    Thank you

    The two files IPS - K9 - 5.1 - 8.pkg and IPS-SSM_10-K9-sys-1.1-a-5.1-8-E3.img will both re-image the recovery partition and the application partition.

    The System Image will erase everything before starting the imaging process.

    The Service Pack Upgrade file will first of all take the current configuration, convert it to work with the new version and save it off to the side. Several other special files on the sensor (for example, the license file) will also be saved off to the side. The imaging process will run and then the saved-off files will be automatically applied to the sensor.
