Cisco IPS 7.1 Installation Guide Page 336

  • Download
  • Add to my manuals
  • Print
  • Page
    / 422
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews
Page view 335
E-66
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the ASA 5500-X IPS SSP
If the ASAs are configured in fail-close mode, and if the ASA 5500-X IPS SSP on the active ASA
experiences a SensorApp crash or a service pack upgrade, failover is triggered and traffic passes
through the ASA 5500-X IPS SSP that was previously the standby for the ASA 5500-X IPS SSP.
Configuration Examples
Use the following configuration for the primary ASA:
interface GigabitEthernet0/7
description LAN Failover Interface
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
Use the following configuration for the secondary ASA:
interface GigabitEthernet0/7
description LAN Failover Interface
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet0/7
failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2
Health and Status Information
To see the general health of the ASA 5500-X IPS SSP, use the show module ips details command.
asa# show module ips details
Getting details from the Service Module, please wait...
Card Type: IPS 5555 Intrusion Prevention System
Model: IPS5555
Hardware version: N/A
Serial Number: FCH1504V0CW
Firmware version: N/A
Software version: 7.1(3)E4
MAC Address Range: 503d.e59c.7ca0 to 503d.e59c.7ca0
App. name: IPS
App. Status: Up
App. Status Desc: Normal Operation
App. version: 7.1(3)E4
Data Plane Status: Up
Status: Up
License: IPS Module Enabled perpetual
Mgmt IP addr: 192.168.1.2
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 192.168.1.1
Mgmt web ports: 443
Mgmt TLS enabled: true
asa#
The output shows that the ASA 5500-X IPS SSP is up. If the status reads Down, you can reset it using the
sw-module module 1 reset command.
If you have problems with reimaging the ASA 5500-X IPS SSP, use the debug module-boot command
to see the output as it boots. Make sure you have the correct IP address for the TFTP server and you have
the correct file on the TFTP server. Then use the sw-module module ips recover command again to
reimage the module.
Page view 335
1 ... 335 336 337 ... 422

Comments to this Manuals

No comments