E-63
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the ASA 5500 AIP SSM
• 1330.12
• 1330.14
• 1330.15
• 1330.16
• 1330.17
• 1330.18
For More Information
For detailed information about the Normalizer engine, see Normalizer Engine.
The ASA 5500 AIP SSM and the Data Plane
Symptom The ASA 5500 AIP SSM data plane is kept in the Up state while applying signature updates.
You can check the ASA 5500 AIP SSM data plane status by using the show module command during
signature updates.
Possible Cause Bypass mode is set to off. The issue is seen when updating signatures, and when you
use either CSM or IDM to apply signature updates. This issue is not seen when upgrading IPS
system software.
The ASA 5500 AIP SSM and Jumbo Packet Frame Size
Refer to the following URL for information about ASA 5500 AIP SSM jumbo packet frame size:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1328
869
Note A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including
Layer 2 header and FCS).
The ASA 5500 AIP SSM and Jumbo Packets
The jumbo packet count in the show interface command output from the lines Total Jumbo Packets
Received
and Total Jumbo Packets Transmitted for ASA IPS modules may be larger than expected
due to some packets that were almost jumbo size on the wire being counted as jumbo size by the IPS.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.
Comments to this Manuals