E-65
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the ASA 5500-X IPS SSP
This section contains troubleshooting information specific to the ASA 5500-X IPS SSP, and contains
the following topics:
• Failover Scenarios, page E-65
• Health and Status Information, page E-66
• The ASA 5500-X IPS SSP and the Normalizer Engine, page E-67
• The ASA 5500-X IPS SSP and Memory Usage, page E-68
• The ASA 5500-X IPS SSP and Jumbo Packet Frame Size, page E-69
• The ASA 5500-X IPS SSP and Jumbo Packets, page E-69
• TCP Reset Differences Between IPS Appliances and ASA IPS Modules, page E-69
• IPS Reloading Messages, page E-70
• IPS Not Loading, page E-70
Failover Scenarios
The following failover scenarios apply to the ASAS 5500-X in the event of configuration changes,
signature/signature engine updates, service packs, and SensorApp crashes on theASA 5500-X IPS SSP.
Single ASA 5500-X in Fail-Open Mode
• If the ASA is configured in fail-open mode for the ASA 5500-X IPS SSP, and the
ASA 5500-X IPS SSP experiences a configuration change or signature/signature engine update,
traffic is passed through the ASA without being inspected.
• If the ASA is configured in fail-open mode for the ASA 5500-X IPS SSP, and the
ASA 5500-X IPS SSP experiences a SensorApp crash or a service pack upgrade, traffic is passed
through the ASA without being inspected.
Single ASA 5500-X in Fail-Close Mode
• If the ASA is configured in fail-close mode for the ASA 5500-X IPS SSP, and the
ASA 5500-X IPS SSP experiences a configuration change or a signature/signature engine update,
traffic is stopped from passing through the ASA.
• If the ASA is configured in fail-close mode for the ASA 5500-X IPS SSP, and the
ASA 5500-X IPS SSP experiences a SensorApp crash or a service pack upgrade, traffic is stopped
from passing through the ASA.
Two ASA 5500-Xs in Fail-Open Mode
• If the ASAs are configured in fail-open mode and if the ASA 5500-X IPS SSP on the active ASA
experiences a configuration change or a signature/signature engine update, traffic is still passed
through the active ASA without being inspected. Failover is not triggered.
• If the ASAs are configured in fail-open mode, and if the ASA 5500-X IPS SSP on the active ASA
experiences a SensorApp crash or a service pack upgrade, failover is triggered and traffic passes
through the ASA 5500-X IPS SSP that was previously the standby ASA 5500-X IPS SSP.
Two ASA 5500-Xs in Fail-Close Mode
• If the ASAs are configured in fail-close mode, and if the ASA 5500-X IPS SSP on the active ASA
experiences a configuration change or a signature/signature engine update, traffic is stopped from
passing through the active ASA. No failover is triggered.
Comments to this Manuals