IPS management over VPN

I have a problem with return traffic for management of an IPS across a VPN tunnel interface. Phase 1 and Phase 2 work fine,

but the return traffic does not come back to the ASA (the IPS's gateway). The IPS 4260 (v7.0(8)) is connected directly to the ASA,

but still no return traffic (#pkts encaps: 0).


#pkts decaps: increments as expected (with ICMP tests), so I know the request is getting there.

I think the rules are properly configured, as #pkts encaps: increments when I test against a switch (IP address) beyond the IPS.

Ran debugs on the ASA, but I don't see anything.

The IPS has a simple config with a permit ACL of 0.0.0.0/32.

Is there something about the IPS, or the combination of IPS and ASA, that makes it not answer?

Thank you

Pete

Hello

It should be:

0.0.0.0/0

Kind regards

Julio
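The sensor's management access-list (the `access-list` entries under `service host` / `network-settings` on a Cisco IPS) is matched against the source address of every SSH/HTTPS management connection, so the entry in the original post is the whole problem: 0.0.0.0/32 is a one-address network that only matches 0.0.0.0, which no real management station ever uses, so the sensor drops every connection attempt and the ASA never sees return traffic. 0.0.0.0/0 fixes it by matching everything, which is the permissive end of the scale. The following Python, added here as an illustration and not code from the thread or from Cisco, evaluates a management host against a sensor-style access-list and flags both failure modes; it is also the check to run before trusting the allowed-hosts list in the CSM thread further down. All addresses are assumed for illustration.

```python
import ipaddress

# Constructed sample inputs (not from the thread): the poster's original sensor
# access-list entry, the entry Julio suggested, and a tighter entry that only
# admits the ASA's inside network. Host addresses are assumed for illustration.
OP_ACL = ["0.0.0.0/32"]
ANY_ACL = ["0.0.0.0/0"]
TIGHT_ACL = ["10.10.20.0/24"]


def parse_acl(entries):
    """Convert sensor access-list strings ("a.b.c.d/len") into network objects.

    strict=False so that an entry written with host bits set (10.10.20.5/24)
    is accepted the way the sensor CLI accepts it, i.e. as 10.10.20.0/24.
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_host_allowed(host, acl):
    """True if the management host matches at least one access-list entry."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in parse_acl(acl))


def audit_acl(acl):
    """Return (entry, finding) pairs for entries that are unusable or too broad.

    0.0.0.0/32 is the classic typo: it matches only the unspecified address,
    so no real management station is ever allowed and the sensor silently
    drops every connection. 0.0.0.0/0 is the opposite extreme: any host that
    can route to the sensor's management interface may talk to it.
    """
    findings = []
    for net in parse_acl(acl):
        if net.num_addresses == 1 and int(net.network_address) == 0:
            findings.append((str(net), "matches only 0.0.0.0; no host can reach the sensor"))
        elif net.prefixlen == 0:
            findings.append((str(net), "matches every address; restrict to the management subnet"))
    return findings


if __name__ == "__main__":
    for label, acl in (("original", OP_ACL), ("suggested", ANY_ACL), ("tightened", TIGHT_ACL)):
        print(label, acl, "allows 10.10.20.5:", is_host_allowed("10.10.20.5", acl))
        for entry, why in audit_acl(acl):
            print("  ", entry, "->", why)
```

When the management station reaches the sensor through the VPN, the address to test is the one the sensor sees as the source: the remote host's real address if the tunnel carries it unchanged, or the NAT address the ASA applies to it. Once that is known, a /24 for the management subnet (or a /32 for a single jump host) is the entry to use in place of 0.0.0.0/0.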

Tags: Cisco Security

Similar Questions

  • IPS Manager Express (IME)

    Hello everyone,

    I recently found a data sheet for a new product called Cisco IPS Manager Express; it looks a bit like a new implementation of the IPS Event Viewer.

    Currently, trying to download the software shows an error, but everything else is there.

    The short URL is cisco.com/go/ime

    Is anyone aware of this tool? How can it be downloaded?

    Regards

    Mathias

    IME is the next generation of IEV.

    It will monitor IPS events and will also handle configuration of version 6.1 IPS sensors.

    IME is intended for deployments of 5 sensors or fewer.

    IME was announced earlier this week.

    It is in final testing and will be available in the next month or two.

    IME will be available for download on cisco.com at no extra charge for customers with active Cisco IPS Services contracts on their sensors.

    Along with it, IPS version 6.1 was also announced, as well as the AIP-SSM-40 for the ASA firewall.

    IPS version 6.1 mainly contains changes to work with the new IME manager.

    The AIP-SSM-40 is the more powerful version of the AIP-SSM-10 and AIP-SSM-20 and is meant for use in the ASA 5520 and ASA 5540.

  • ASA/IPS and IPS Manager Express

    I am trying to add my sensor to IPS Manager Express but I keep getting the following error: IOException when trying to get certificate: java.security.cert.CertificateExpiredException: NotAfter: Sat May 10 * 2008.

    I'm sure it's simple, but I can't find how to solve this problem.

    Kind regards

    D

    This means that the SSL/TLS certificate on your sensor's web server expired on May 10, 2008.

    This is very common for sensors that have been running for more than a year. When a sensor generates its certificate, it is usually valid for only a year or two.

    You just need to generate a new SSL/TLS certificate for your sensor.

    Log on to your sensor and run "tls generate-key".

    http://www.Cisco.com/en/us/partner/docs/security/IPS/6.1/command/reference/crCmds.html#wp504369

    But remember that once you do this, you should go to all other management systems that connect to your sensor and make sure each management system pulls down and accepts the new certificate (which often requires you to click some kind of button to accept the new certificate).

  • SSM, Cisco IPS Manager, IPS version 1.0000 E2 module

    When I am in the IPS Manager and try to make a change to the policies, I get the following error.

    Failed to retrieve the configuration information for the sensor

    No idea what causes this error.

    Kind regards

    Dan

    Dan-

    If your "IPS Manager" is CSM, you should check that you have connectivity between the server and the sensor and that your CSM host is an allowed host on the sensor (one day our CSM decided to wipe out much of our sensor's allowed-hosts list, how fun).

    You can re-import your sensor into CSM; I have resolved many troubling problems simply by removing the sensor from CSM and adding it back as new.

  • Cisco IPS Manager Express

    I'm running IPS Manager Express 7.0.3, monitoring several ASA SSM devices. Recently the devices began to show errors under Event Status and Sensor Health in IME. When I do a device status from IME, I get the following error:

    Unable to get the version of the sensor. Exception: java.security.cert.CertificateExpiredException: NotAfter: Thu Aug 25 14:40:47 GMT+12:00 2011

    If I delete the device from IME and then add it back, I get the same error when the software tries to connect, and so I can't add the device to IME. I can't find any mention of this in the IME online help or in the IME software help. I don't know which certificate the software is referring to.

    Has anyone seen this problem before?

    Thank you

    EDIT: The error was due to expired SSL server certificates on the IPS modules. Generated new certificates and updated IME and CSM to recognize them, and now they are all good.

    Hi Mike. Looks like you solved this before an answer was posted. FYI (and for documentation in case anyone has the same question and finds this discussion), it is well documented here.

  • IPS manager express

    How many IPS appliances can Cisco IPS Manager Express (IME) manage at most?

    It can be used to manage up to 10 IPS sensors.

    This is the IME data sheet for your reference:

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5729/ps5715/ps9610/data_sheet_c78-459033.html

    Hope that helps.

  • 7.1.1 IPS Manager Express cannot add the device

    I am trying to add my AIP-SSM sensors to IPS Manager Express 7.1.1 (new installation, Windows 2003 32-bit).

    Java updated, direct connection. I can ping the sensors.

    The error is:

    Could not check config name of username/password [null]

    I can connect to my sensors with IDM 7.0 with no problem using the same username and password I tried in IPS Manager Express, but there they do not seem to work.

    Any ideas what I am doing wrong?

    Thank you.

    Looks like you're hitting bug ID CSCto03344:

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCto03344

  • IPS Manager Express or Cisco Security Manager?

    Hi all

    We are thinking of buying the IPS license for the 5512; which of the above (IPS Manager Express or Cisco Security Manager) is the right tool for management purposes? Or can I choose either? If I can choose either, which one would you recommend?

    Cheers!

    M

    How many systems do you have? If the number is high, CSM is the way to go. Managing many systems (and keeping them in sync with the same policy) with IDM and IME is a nightmare. But if it is a single system, IME is the right tool for you. It works very well for monitoring (up to 10 devices) and can also manage them (individually; it is not so easy for more than one system). And it's free.

  • Does anyone have an administrator guide for Cisco IPS Manager Express?

    Hello.

    Does anyone have an administrator guide for Cisco IPS Manager Express? I need to update my license; is there a procedure? If I have an IPS with bypass configured, will the IPS interfaces go down when the license is updated, or will it have no effect?

    Thank you.

    You will find the guides here; it all depends on your version:

    http://www.Cisco.com/en/us/products/HW/vpndevc/PS4077/products_installation_and_configuration_guides_list.html

    For example, here is the 7.1 version section on licenses:

    http://www.Cisco.com/en/us/docs/security/IPS/7.1/Configuration/Guide/IME/ime_sensor_management.html#wp2219086

    Applying a license will not bring down the interfaces... However, if you apply a signature update, you will stop traffic for a short time while the updated signatures are installed.

    Hope that helps.

  • 4240 IPS management interface MAC address

    Hi all

    I use DHCP in my network, and I need to reserve a single IP address for the IPS management interface.

    I tried to get the MAC address but could not. It is not even in the show tech-support output.

    Can someone please tell me how to get the MAC address of the management interface?

    If the show interfaces output does not give you this information, you can log in via the service account and run the command "ifconfig -a". Just make sure you do a 'su -' first; otherwise this command is not available.

    Please rate if useful :)

    Regards

    Farrukh

  • ASA5505 management via VPN/Anyconnect without group

    I have 2 questions about ASA configuration.

    The first is related to the SSL VPN configuration. We have just one group of users who connect to our main office via remote access. Is there a way to configure SSL VPN so that it does not display a group selection?

    I have tried omitting the tunnel-group-list enable command and configuring group-lock on the user accounts, but neither works.

    Secondly, I am at a loss about how to configure SSH to allow users connected via VPN. I assumed:

    ssh 172.16.1.0 255.255.255.0 inside

    with 172.16.1.0/24 being the IP pool assigned to remote-access VPN users would do it, but it's a no-go. How can remote-access users (who are, for the most part, all technicians) be granted the ability to connect to the device?

    Thanks for your help.

    To be able to manage the ASA via SSH across a VPN tunnel, you will need to enter the configuration command "management-access inside".

  • ACS seems to forget IPs assigned to VPN connections

    Hi, I hope I am posting this in the right place and giving the impression that I have a pretty good idea of what I'm talking about. If not, I apologize and would appreciate any relevant input.

    My problem is that after authenticating correctly to ACS/RSA, VPN users receive a correct IP address from their respective IP pool, but ACS seems to forget after a while that the IP address was assigned, so, for example, it shows 0 assigned IP addresses when the firewall reports that there are 4 active connections. What inevitably happens is that someone eventually gets assigned an IP address previously assigned to an already existing connection, causing zero network connectivity for the VPN user.

    I assume this is a failure of communication between the firewall and the ACS in terms of which connections are still alive and which IPs should be available.

    Can someone point me to the mechanisms by which ACS and the firewall interact with regard to active connection information, or does anyone have experience or knowledge of this problem?

    Thanks in advance.

    Thank you for the response. It is currently set to 2 hours, but I guess I'm confused about some of the terminology regarding the release of IP addresses not in use.

    For example, if there is a valid VPN connection for 4 hours, it seems that ACS will reclaim the IP after 2 hours, so does that mean that 2 hours in, the IP will get reassigned regardless? Or is there supposed to be some mechanism in place that says the connection is still valid, so the IP stays assigned beyond the 2-hour period?

    Thanks again.

    Hello

    I do not think there is such a mechanism if ACS provides the IP address to the client, but yes, you can adjust the release time. I suggest you set the time to 5-6 hours; that is what we set up in our data center. The reason the time is so large is that a user will probably not work continuously for more than 5 to 6 hours, if at all; the connection will then break, and once the user reconnects a new IP address will be assigned again. It won't be a problem in a normal network.

    Hope this helps

    Please rate if useful

    Ganesh.H

  • ASA5515X-IPS management 0/0 to the LAN

    I recently installed two ASA5515-Xs in A/S, each with the IPS module. When I had them in the lab, I was able to access the IPS through IME, but now that they are in the data center, it doesn't work (of course). I have the IPS modules configured with an IP address on our LAN, and the ASA Management0/0 interface is configured as:

    interface Management0/0

    no nameif

    security-level 100

    no ip address

    management-only

    The Management0/0 interface is plugged into a switchport on our LAN VLAN. The ASAs see the IPS as up, and I checked the IPS network settings. Any ideas? Did I forget something? TIA!

    Hello

    Very well. Let us know of any update.

    The engineer in charge of the case will have access to the area, so he or she will be able to run a few captures.

    It's weird that you don't see the MAC address of the IPS module on the switch; I would check the layer 2 topology first.

    Kind regards

    Julio

  • What IP address will be used for sending a test e-mail in IPS Manager Express?

    Hi all

    I intend to use the IME e-mail notification feature.

    There is one question that confuses me. The test email works only half the time; the other half it doesn't.

    I want to know which IP address will be used for this SMTP connection. Maybe I need an ACL to allow this traffic.

    Does anyone know what the problem is?

    My device is a 5585-X with IPS SSP-20.

    Hello

    There should be nothing blocking communication between the IME host and your SMTP server. Check whether that communication is fine.

    Kind regards

    Akshay Rouanet

  • Cisco IPS Manager Express 7.0.1

    I just want to check if the following works:

    - Under Configuration > IPS > Sensor Monitoring > Time-Based Actions > Host Blocks is configured correctly

    I added a few hosts that must be blocked, and I see the following:

    - On the Active Host Blocks tab it shows 'false' for every host that I enter. ???

    Thanks in advance for your help.

    False means that the connection block was not turned on (not enabled).

    This means that someone could have configured the rule earlier but did not enable it.

    If you click the 'Add' button, you will see what I mean (the "Enable Connection Blocking" box must be checked to block the configured host), and it will show as 'True' once you enable it.

    Hope that answers your question.
