To access the AIP-SSM-10 through the ACS

Similar Questions

• the ACS 5.1 stopped authentication logs after restart!

  Hi all

  I recorded the configuration running on first startup and restarted the ACS 5.1. Since then he stopped authentication logs, if I can connect to network devices using Ganymede connection, but I get no logs of authentication Ganymede? Your prompt response will be appreciated

  Rgds

  HK

  Hello

  Can you please access the ACS CLI through SSH or Console and run "display the acs application state? Are all ACS services running or some hang on the State "Initializing" or "not tested"?

  If so, you might want to try a restart of services ACS with 'stop acs', then 'start acs '.

  If the reports are not displayed on the follow-up and reports it is generally considered a problem with ACS View services.

  I hope this helps.

  Kind regards.

• Cannot access the AIP SSM via ASDM

  CISCO recommendations below:

  Cannot access the AIP SSM via ASDM

  Problem:

  This error message appears on the GUI.

  Error connecting to sensor. Error Loading Sensor error

  Solution:

  Make sure that the IPS SSM management interface is up/down and check his IP address configured, default gateway and the subnet mask. It is the interface to access the software from Cisco Adaptive Security Device Manager (ASDM) on the local computer. Try to ping the address of management of IPS SSM IP interface on the local computer that you want to access the ASDM. If it is impossible to do a ping check the ACLs on the sensor

  ----------------------------------------------------------------------------------------------------------------------------------------------

  I've tried everything recommended above. I can ping the host ASDM the FW and the SSM-10 module. Well, I ping the host machine and the SSM of the ASDM. I opened as wide as possible ACL. I changed the IP addresses and masks several times. The management of the ASA port and the SSM and the PC are on the same subnet.

  A trace of package from the PC to the SSM shows that it is blocked by an ACL rule, and yet I opened wide.   I've seen this kind of problem before and it was solved by applying the double static NAT, but I don't know how to do that if all the IP addresses are on the same subnet.

  Tried everything, need help from high level.

  The IDM software that comes with ASDM does not support java 1.7. The portion of the ASDM ASA supports 1.7 but launch the IPS cmdlet works only with 1.6. The TAC enginner suggested that I use the IME (IPS Manager Express) which is available for free on the Cisco's (http://www.cisco.com/en/US/products/ps9610/tsd_products_support_general_information.html) Web site.

  I've been playing with it today, and so far it seems to work pretty well.

• AIP - SSM, failure to update the cisco Web site

  Hi all

  I want to know the reason why my AIP - SSM fails to update its signatures automatically from cisco website. I put the module do cisco automatic signature update, but it doesn't matter when he tries to update, it displays an error message that reads "= error: exception Autoupdate: HTTP failed to connect (1 111) ' find the exact error message attached. The interface of my AIP - SSM is behind the proxy of the company and I put the proxy to allow Module AIP - SSM establish a connection to the internet.  What could be wrong?

  Your help will be very appreciated.

  Concerning

  Automatic update to the signature of the IPS is not supported through proxy server.

  The configuration of the proxy server on the IPS is only for the overall correlation.

  You must allow direct access for the automatic update of signature to IPS.

• The AIP - SSM to unused ASA connection interface

  Hi people,

  Perhaps, someone has already raised this issue, but I was unable to find anything relevant. We have an ASA with an unused interface (gig0/3). The sensor of the AIP - SSM is physically connected to this interface with the following IP settings:

  Sensor (192.168.2.2/30,192.168.2.1)---interface ASA (192.168.2.1/30)

  It's basically point to point connectivity, and I can reach the ASA of the sensor and the other way around.

  This design is dictated by the lack of a free port on the switch.

  Technically, it should work without any problems, but I can't seem to be able to reach the sensor. There is a switch between my PC and the sensor and the switch has the corresponding static route added. I can reach the switch sensor.

  Is there a security feature hidden I don't know that prevent communication with the sensor.

  And ACL of the sensor allows the traffic to all networks (0.0.0.0/0)

  With the sensor acl set to 0.0.0.0/0, the sensor must be allowing connectivity.

  You can use the 'View of package' command on the sensor to look at packets on the interface command and control to see if the packets are what makes the sensor.

  You say that you have a static route on your switch for the switch reach your sensor. Do you know if your PC is configured to use the switch as the computer's default router. If the PC is to use a different default router, then the other router should also the static route.

  The other possibility is that the SAA itself can be deny traffic.

  Since this is an ASA connected to the MSS interface, the traffic must be routed through the ASA. Standard firewall rules apply to this traffic. The security level of the interfaces can prevent traffic, and an ACL may be necessary in order to allow the circulation of your PC be routed to the SSM.

  NOTE: If you don't want to have to worry about roads, the other alternative is to make the network between the ASA and SSM to be an isolated network that only 2 machines know.

  You can then use PAT static to map a port on the inside of the ASA interface with the address of the SSM 443 https port and map a second port of the SAA within the interfaces to the address of the SSM SSH port.

  How your home PC would simply plug the ASA IP using these specific ports and the ASA would do the translation of port and transmit on the MSS.

  The SSM address could also be dynamically PAT would have on the SAA within the address, so SSM could start the connection to other machines on the inside network.

  Another alternative if you have addresses available on your inside network IP is to use static NAT instead of PAT. And just go forward and has the ASA statically map an IP network on IP of the SSM on the network that only the ASA and the SSM inside could know.

  In both cases the network between the ASA and SSM would not routable at, and you wouldn't have to worry of reproducing static routes anywhere.

  SIDE NOTE: A separate network for the SSM you Becase you will also need to NAT or PAT address of the SSM for the ASA to outside interface. In this way the SSM will be able to connect to Internet to download cisco.com auto updates, and/or pull overall correlation of servers cisco information. It's probably the same configuration that you would already other internal addresses, and just to be sure, you cover the SSM since you have it on a separate subnet.

• problem loading page (404 error) it says that the page cannot be found when I try to access the game gangsters through my mysapce account and I can not access is no longer with firefox and I want to know why I can't, guys please can you get?

  I can't access my account of gangsters through myspace. «whenever I try to open it I get "problem loading page" "404 error" "this page cannot be found" and it won't let me access it.» MySpace works fine, but as soon as I click on the application of gangsters I get the 404 error, this page could not be found, problem loading page! can you please help?

  This has happened

  Each time Firefox opened

  == I am trying to access game of gangsters through myspace

  The problem can be solved by opening FF and choose the tools... To Add one... Select the SEARCH addon, then choose UNINSTALL FF browser... When asked to restart, then reload the gangsters. It worked for me. The suggestion on the 404 that says to remove the search via Add/Remove programs is completely BS, that research does not appear there.

• All my iTunes music is on a disk hard Ext. connected to my home network through a router. Is it possible that devices that are part of my home network share iTunes can access the music on this disc hard Ext. without my laptop being on?

  All my iTunes music is on a disk hard Ext. connected to my home network through a router. Is it possible that devices that are part of my home network share iTunes can access the music on this disc hard Ext. without my laptop being on?

  Additional information: the laptop is what I used to install all the music, via iTunes, which is located on the external hard drive connected through home network router.

  Is it possible that devices that are part of my home network share iTunes can access the music on this disc hard Ext. without my laptop being on?

  Laughing out loud

• Can I make my Vonage phone service and always access the internet through MSN Premium

  Can I make my Vonage phone service and always access the internet through MSN Premium

  Hello

  The question you posted would be better suited to the MSN support. I suggest you to contact MSN support for assistance.

  How to contact MSN customer service
  http://support.Microsoft.com/kb/940784
  https://support.MSN.com/contactus.aspx?scrx=1
  http://answers.MSN.com/forums.aspx?ProductID=29

• Unable to see the computers in the workgroup or server to print to my HP laptop, but I can all ping and access the internet through the router.

  I have a laptop HP with XP pro. I have a network with 2 computers laptops (Dell and HP), 1 office and 1 DP300U DLINK print server with a static IP address. I use a LINKSYS WRT110 router. Everything is connected through this router. I can ping ALL laptops, the office and the print server. I can access internet from all laptops and office. All THE MACHINES are in the same workgroup. Only from my DESKTOP (XP HOME), I can click on FAVORITES NETWORK, click VIEW group of WORK COMPUTERS and I can see the other compters and the print server. However, since my computer Dell laptop or HP LAPTOP (XP PRO) I can PING the router and the journal in it, all the other machines and print server but can NOT SEE THE OTHER COMPUTERS or ACCESS THE PORTABLE HP computer or the other laptop. I turned off all firewalls and firewall McAfee (PORTABLE HP computer) and still no joy. I think that there is a box ticked somewhere or the one that is checked and who should not, but I can't find out where it is or something else to look at. Any ideas would be appreciated.

  I suggest you take a look at:

  http://support.Microsoft.com/kb/318030/

  You can run fixit in the PC that encourage the problem this fixit automatically.

• My computer can not VAT registration and access the internet when connected to the network [secure] through wireless.

  Original title: fix problem 'local only' what is wireless.
   
  -My computer is a HP Pavilion dv5, running windows vista edition Home premium

  -My computer can identify and access the internet when connected to the network through a cable.

  -My computer can identify and access the internet when it is connected to the grace wireless network [without warranty].
  -My computer can't identify [unidentified network] and [room only] internet access when it is connected to the [secure] grace wireless network?
  -Other information systems, identify and access the internet when it is connected to the [secure] grace wireless network.
  -J' confirmed the network, try password works in "safe mode with network", manually configured (TCP/IPv4) using a connected computer.
  S ' Please, I'm desperate and in urgent need of help.

  Hello

  1. If it works well before?

  2 have you made any changes to the computer before the show?

  Method 1:

  You may experience connectivity problems or performance issues when you connect a portable computer that is running Windows Vista or Windows 7 to a wireless access point:
  http://support.Microsoft.com/kb/928152

  Method 2: Uninstall and reinstall the network adapter drivers.

  Follow the steps mentioned.

  (a) click Start, right click on computer.
  (b) click on properties, click on Device Manager
  (c) expand the network card, right-click the wireless adapter option
  (d) click on uninstall
  (e) now go to your computer/wireless device manufacturer's website, download the updated drivers and install them.

  Follow the below mentioned article:
  Updated a hardware driver that is not working properly
  http://Windows.Microsoft.com/en-us/Windows-Vista/update-a-driver-for-hardware-that-isn ' t-work correctly

• Cannot access internet without going through "Online Help & Support." ("Windows cannot access the specified path. You cannot ot have permission.)

  Problems: Access to the internet.    2. right of PC, for example, clock, Favorites, etc. does not appear on the screen while booting.

  3. cannot access the Micro password

  Error message: «Windows cannot access the path specified...» »

  When I'm online through the icon help & Support, still cannot access all the other icons; needs access to sites through links.

  First of all, there is problem when I played the game on 'brightness (MySpace link); PC seems to crash and the problem has continued since then.

  I have no idea what to do and I'm a bit of a novice.  In addition, have physical difficulties which slows me down or interferes with the ability to work through problems.

  Applications and links of Facebook can be very dangerous. Please start with the basics to ensure that you are working from a clean base. You will need to obtain the tools of a different, known-clean computer with access to the Internet and put them on a USB stick to transfer to the affected machine.

  http://www.elephantboycomputers.com/page2.html#Removing_Malware

  If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). If possible, have all your data backed up before taking the machine into a shop.

  MS - MVP - Elephant Boy computers - don't panic!

• Cannot access the drives on my pc through my computer vista laptop windows 7

  I'm trying to network my vista pc and my laptop win 7.  See the vista pc and have access to all files and drives on my laptop win 7.  But my laptop win 7 can't access the drives (I have 2) on my vista pc.  The win 7 see the vista on my network pc.  I can access the vista computer, I can see readers, but access is denied to 'no permission, contact your administrator. "  The public record access very well, but not the 'c' and 'n' readers.  "N" is an extra internal drive, which I added.

  I double checked that the readers are shared, said permission to everyone, even turn off the password just in case.

  I have read another view and tried everything that seems near, please help.

  I am also able to connect to my vista through Windows Media Player media files.  Just not able to access my files in the readers.

  In Vista, go to start / network / network and sharing Center and make sure network sharing, file sharing, sharing protected by password and share multimedia files are all checked.

  If this isn't the problem, please repost your question in the Forums of Windows7 (that you are able to access Vista and not of Windows7 is a Windows7 problem - although it probably involves some changes in Vista as well) to: http://social.answers.microsoft.com/Forums/en-US/category/windows7 where people who specialize in issues of Windows7 will be more than happy to help you with your problem.

  Good luck!

  Lorien - MCSA/MCSE/network + / has + - if this post solves your problem, please click the 'Mark as answer' or 'Useful' button at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly.

• Reloading of the AIP - SSM

  reload the module AIP - SSM affect the ASA?

  Exactly. If you don't have a political card by using the SSM module, then you can reload the module SSM and it does not affect the traffic passing by ASA. To give you more information, here is a link that gives you information on how to configure ASA to use the SSM module:

  http://www.Cisco.com/univercd/CC/TD/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/SSM.htm#wp1050744

  Hope that helps.

  Kind regards

  Maryse.

• Failed to update of the signing of the AIP-SSM-10

  I hope someone can help me, I am unable to get the signature autoupdate working on our ASA 5510 IPS. We have a valid support contract, our user name does not include and special characters, and I am able to download the files of signature on the site by using our BCC.

  When trying to get through Auto/cisco.com update if I get the following in the event logs each attempt update:

  evError: eventId = 1319467413849005289 = severity = error Cisco vendor

  Author:

  hostId: xxxx

  appName: mainApp

  appInstanceId: 354

  time: October 26, 2011 11:40:01 UTC offset = 60 timeZone = GMT00:00

  errorMessage: AutoUpdate exception: failed to connect HTTP [1 111] name = errSystemError

  I've included a conf 'show' and a 'facilitator stat"below.

  See the XXXXXX conf #.

  ! ------------------------------

  ! Current configuration last modified Wed Oct 26 10:48:07 2011

  ! ------------------------------

  ! Version 7.0 (6)

  ! Host:

  !     Domain keys key1.0

  ! Definition of signature:

  !     Update of the signature S604.0 2011-10-20

  ! ------------------------------

  service interface

  output

  ! ------------------------------

  authentication service

  output

  ! ------------------------------

  rules0 rules for event-action service

  output

  ! ------------------------------

  service host

  the network settings

  Host-ip 10.x.x.x/24,10.x.x.x

  hostname xxxxxx

  Telnet-option turned off

  access-list 10.x.x.x/32

  access-list 10.x.x.x/16

  access-list 10.x.x.x/32

  primary-active DNS server

  address 10.x.x.x

  output

  secondary-server DNS disabled

  tertiary-disabled DNS server

  output

  time zone settings

  offset 0

  standard time-zone-name-GMT00:00

  output

  NTP-option enabled-ntp-no authenticated

  Server NTP 10.x.x.x

  output

  Summertime-recurring option

  Summertime-zone-name GMT00:00

  Start-summertime

  last week of the month

  output

  end-summertime

  month October

  last week of the month

  output

  end-summertime

  month October

  last week of the month

  output

  output

  automatic update

  Cisco-Server enabled

  scheduling periodic-calendar option

  beginning 00:40:00

  interval 1

  output

  username xxxxxxxxxxxxxxx

  Cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

  output

  output

  output

  ! ------------------------------

  service recorder

  output

  ! ------------------------------

  network access service

  output

  ! ------------------------------

  notification services

  output

  ! ------------------------------

  Service signature-definition sig0

  output

  ! ------------------------------

  Service ssh-known-hosts

  output

  ! ------------------------------

  trust-certificates of service

  output

  ! ------------------------------

  web-server service

  output

  ! ------------------------------

  Service-ad0 anomaly detection

  output

  ! ------------------------------

  service interface external product

  output

  ! ------------------------------

  health-monitor service

  output

  ! ------------------------------

  service global correlation

  output

  ! ------------------------------

  aaa service

  output

  ! ------------------------------

  service-analysis engine

  vs0 virtual sensor

  Physics-interface GigabitEthernet0/1

  output

  output

  XXXXXX # host stat

  General statistics

  Last updated to host Config (UTC) = 27 October 2011 08:27:10

  Control device control Port = GigabitEthernet0/0

  Network statistics

  = ge0_0 link encap HWaddr 00:12:D9:48:F7:44

  = inet addr:10.x.x.x Bcast:10.x.x.x.x mask: 255.255.255.0

  = RUNNING UP BROADCAST MULTICAST MTU:1500 metric: 1

  = Dropped packets: 470106 RX errors: 0:0 overruns: 0 frame: 0

  = Dropped packets: 139322 TX errors: 0:0 overruns: 0 carrier: 0

  = collisions: 0 txqueuelen:1000

  = RX bytes: 40821181 (38.9 MiB) TX bytes: 102615325 (97.8 MiB)

  = Address: 0xbc00 memory: f8200000 of base-f8220000

  NTP statistics

  = distance refid st t when poll reach delay offset jitter

  = * time.xxxx.x 195.x.x.x 3 u 142 1024 377 1, 825 - 0.626 0.305

  = L LOCAL (0) LOCAL (0) 15 59 64 377 0.000 0.000 0.001

  = ind assID status conf scope auth condition last_event cnt

  = 1 43092 b644 Yes Yes No sys.peer 4 available

  = 2 43093 9044 Yes Yes No accessible release 4

  status = synchronized

  Memory usage

  usedBytes = 664383488

  freeBytes = 368111616

  totalBytes = 1032495104

  Statistics of Summertime

  Start = GMT00:00 03:00 Sunday, March 27, 2011

  end = GMT00:00 01:00 Sunday October 30, 2011

  Statistics of the processor

  Its use in the last 5 seconds = 51

  Its use during the last minute = 44

  Its use in the last 5 minutes = 50

  Memory statistics

  Use of memory (bytes) = 664383488

  Free MEMORY (bytes) = 368111616

  Auto Update Statistics

  lastDirectoryReadAttempt = 08:40 GMT00:00 Thursday, October 27, 2011

  = Reading directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

  = Error: Auto update an exception: failed to connect HTTP [1 111]

  lastDownloadAttempt = n/a

  lastInstallAttempt = n/a

  nextAttempt = GMT00:00 09:28 Thursday, October 27, 2011

  Auxiliary processors installed

  Thank you very much.

  Your error message indicates "HTTP connection failed."

  Management interface you can access the internet via HTTP sensor?

  You have a proxy between the sensor and the internet?

  Can you ping the sensor to open internet IP addresses (like google.com)?

  -Bob

• AIP - SSM recreate the image in secondary ASA 5500 (failover) with virtual contexts

  Hello guys,.

  The scenario is as follows:

  2 ASA 5500 with virtual contexts for failover.

  The ASA elementary school has the work of the AIP-SSM20.

  ASA school (which is in active / standby) has its SSM20 AIP to work now and everything is in production.

  Someone tried to configure this 2nd AIP - SSM, changed the password and lost, so I tried to re - the image (without authorized passage recovery), but the connection fails on the TFTP server, where is the image of the AIP - SSM.

  Now questions, documentation Cisco re-imaging view orders under ASA #.

  but as this scenario has several virtual contexts the ASA # shell contains no IP address as you know (which I suppose is the reason why the ASA cannot download the image from the TFTP server) and switch to another context (ASA / admin #) re-imaging commands do not work (hw-module module 1... etc...).

  What is the solution? Is there documentation for it (with security contexts)?

  Thank you very much for reading ;) comment on possible solutions.

  Yes,

  Some things to keep in mind.

  (1) run 'debug module start' on the SAA before running the command "hw-module module 1 recover boot. This will show you the ROMMON of the MSS output as it tries to make the new image and you can look for any errors.

  (2) before trying to download from the SSM, first use a machine separate download tftp from your laptop. This will ensure the TFTP on your laptop works and confirm what directory (if any) that you can use as the file location.

  (3) if the tftp download does not SSM, then the SSM is unable to properly connect to your laptop. You need a crossover cable to connect your laptop to the SSM. If you have a crossover cable, then you could try to connect the MSS and your laptop to a small hub, or configure a new vlan on your switch with only 2 ports and connect the MSS and your computer laptop this vlan 2 port.

  (4) also try the download first at the end of the gateway to 0.0.0.0 since your laptop and the SSM will be on the same subnet. If this does not work then you can try a non-existent 30.0.0.4 address as gateway.

  (5) understand that the IP address that you specify for the MSS using the command "configure the hw-module module 1 recover" is just temporary for download. Once an image is installed, then sitting at the module and run the "setup" command in order to configure the permanent address you want ure on external port of the SSM. This address in the "setup" command can the same as that used in the command 'get the 1 hw-module module configure' or a completely new (as in your case). Just make sure that you connect to the network just to what address you give.