ASA5520 with AIP-SSM40 - unresponsive

Similar Messages

• For how long ASA with AIP 20 keeps events?

  I have ASA5520 with AIP SSM 20 and I am using IPS Manager Express. For how long can AIP keep IPS events? How can I save events before the logs are recycled?
  Thanks in advance

  Have a look at the following post:
  http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&topicID=.ee6e1fc&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dde8f9b
  Please rate helpful posts.
  Also please note that IME has its own database (on the PC where its installed).
  Regards
  Farrukh

• How to block p2p applications(Bittorent like) with AIP-SSM-10?

  Hi,
  How to block p2p application using AIP-SSM-10 working with ASA5520?AIP is on promiscuous mode.
  Thanks,
  Siva

  There are several signatures that detect p2p, for bit torrent there is 11020.0
  Yahoo triggers: 5539.0, 11200.0, 11212.0, 11217.0 & 11219.0
  etc..
  Some are disabled by default though so please ensure you enable the ones that you need.
  If you want to block these then you will have to use event actions that work in promiscuous setup for example request block connection and tcp reset. Please note that care must be taken when using these event actions.
  For more information about the event actions please refer the link below:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmevtrul.htm#wp1069467

• Downloading 4.0 onto XP it takes a long conection process, with boxes on unresponsive script and a java scipt app saying type error and is all very annoying so what can I do I want the old firefox back a

  I downloaded Firefox 4.0 replacing an earlier Firefox version. I have XP on my computer. When I now click on the Firefox icon after a time a window saying Unresponsive script and underneath script chrome etc comes up. I then press stop script and another window comes up Java Script application and type error. Eventually I get on to the internet but it's all very frustrating. I wish I had ignored the request to download 4.0
  Please help

  I can assure you that the sympton is indeed identical. For as the computer got worse, eventually it refused to start up and made 3 beeps. It has done this before, but today more times than before (just like when it first had this problem). Where-ever you go on the internet, it will tell you that the 3 beeps suggest the RAM is at fault. So, the same 3 beeps, means the same problem, which is the RAM.
  With that in mind, I re-ask my question with the same reasoning and justification; am I still covered under warranty? (Reasoning/Justification: Considering the original problem was not entirely fixed, though something else was to make the MacBook Pro last a little longer before the reoccurance of this problem).

• Need to add a new segment on a live ASA5520 with a failover setup running

  Hi ,
  how do I add a new segment on my ASA5520 that is currently on a lan based active/standby failover. ?
  Will it trigger the failover if I add another interface and will be just as simple as unshutting a normal interface and adding an IP with the same configuration as the other interfaces for failover .
  all of my existing segment has a redundant switch and for the new segment that I will be creating is just a straight forward with only 1 switch on the segment.
  fw-inside-1# show run int
  interface GigabitEthernet0/0
  description OUTSIDE Interface_1
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/1
  description APPS Interface_1
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/2
  description DB Interface_1
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  description LAN/STATE Failover Interface
  interface Management0/0
  shutdown
  nameif management
  security-level 100
  no ip address
  management-only
  interface GigabitEthernet1/0
  description OUTSIDE Interface_2
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/1
  description APPS Interface_2
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/2
  description DB Interface_2
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/3           <<<<<<<<<<<<<<<<<< I will use this interface for the new segment.
  shutdown
  no nameif
  no security-level
  no ip address
  interface Redundant1
  member-interface GigabitEthernet0/0
  member-interface GigabitEthernet1/0
  nameif outside
  security-level 0
  ip address 10.50.5.10 255.255.255.0 standby 10.50.5.11
  interface Redundant2
  member-interface GigabitEthernet0/1
  member-interface GigabitEthernet1/1
  nameif apps
  security-level 80
  ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2
  interface Redundant3
  member-interface GigabitEthernet0/2
  member-interface GigabitEthernet1/2
  nameif db
  security-level 90
  ip address 172.16.4.1 255.255.255.0 standby 172.16.4.2
  fw-inside-1#
  fw-inside-1# show run fail
  failover
  failover lan unit primary
  failover lan interface Failover GigabitEthernet0/3
  failover polltime unit 5 holdtime 15
  failover link Failover GigabitEthernet0/3
  failover interface ip Failover 10.0.0.1 255.255.255.252
  fw-inside-1#
  Since I will not be having a redundant switch on the new segment I will use the below config
  interface GigabitEthernet1/3    
    no shut
    nameif
    security-level 75
    ip address 172.16.3.1 255.255.255.0 standby 172.16.3.2
  Then I will connect cables..
  Please let me know if you have any suggestions or links.
  Regards

  You should first configure your interface, then cable both units and after that no shut it on the ASA. Additionally you can remove your new interface from failover-monitoring as a precaution if somerhing goes wrong.
  Sent from Cisco Technical Support iPad App

• X1 Carbon doesn't go to sleep, keeps running with black screen - unresponsive

  When I leave my computer for say, 20 minutes or so, it doesn't go to sleep (as it normally should with inactivity) but it is still running (I can hear the fan hard at work) but I can't seem to "wake" it back up. The screen is black and the laptop is unresponsive to clicks on the touchpad or closing and opening the laptop. I have to hold the power button down for ~20 seconds before it shuts down and then I have to turn it back on and re-open all my applications and windows to keep working. 
  This has been happening since I first got the laptop (August 2014). I've talked to Tech Support many many times. Nothing seems to work. They replaced my motherboard -- but that doesn't seem to solve the problem. 
  Is it just my laptop or has this happened to anyone else's?? Help!!

  Nothing that anyone from IBM has told me to do has worked to fix this problem! They replaced my motherboard and notihng happened. They also told me to do many other things that haven't worked either. 
  Please report this to IBM as well! I want them to learn that I'm not the only one having this problem. I've been dealing with this since I got this laptop in August. It's ridiculous. I agree that my next computer purchase will NOT be from IBM! But don't call it an expensive loss! Fight for a new one! This is absurd. 

• Transparent mode with AIP-SSM-20

  I currently have an ASA5510 in routed mode with an AIP-SSM-20.
  There is a requirement to use a fibre optic connection between this ASA and another ASA across campus, so the AIP-SSM will have to be removed and replaced with the SSM-4GE.  This part should present no issue.
  However, this will remove the IPS device, and I still want to use IPS.
  So, what I am thinking is to get another ASA5510, install the AIP-SSM, configure ASA for transparent mode and put it in between the inside of the routed ASA and my LAN.  The transparent ASA would be functioning strictly as an IPS appliance.
  Setup would look something like this:
  Internal LAN <> transparent ASA with IPS <> routed ASA <> WAN
  Can the AIP-SSM still perform IPS with the ASA in transparent mode?
  Is there a way to configure the ASA and AIP-SSM such that traffic to/from a particular server completely bypasses the AIP-SSM?
  I have a couple of fileservers that generate heavy traffic and could overload the AIP-SSM.
  Regards.

  AFAIR, There is no problem to setup AIP in a transparent firewall.
  "An ASA in transparent mode can run an AIP.  In the event the AIP fails,
  the IPS will fail-open and the ASA will continue to pass traffic.
  However, if an interface or cable fails, then traffic will stop.  You
  would need a failover pair to account for this failure event, which
  means another ASA and matching AIP."
  And no there is no problem to exclude certain hosts/ports/subnets from inspection by IPS via MPF.
  http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ips.html#wp1050744
  What I however consider however is if the ASAs 5510 as second tier firewall for 5520s will be enough.
  http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
  HTH,
  Marcin

• Problem with dual monitors - unresponsiveness and shut down

  Hello there!
  I've been happily using a 2010 Mac Pro since March with a Radeon 5870 card and two Apple displays connected to the card with mini-displayport cables.
  Recently, after I installed Lion, the secondary screen has been acting strangely; sometimes, while I can move my cursor without any problem on it, I can't click on anything. I click and the program, such as Apple Mail or Reason, just doesn't respond in any way. Moving the program window to the main screen solves the problem.
  Moreover the secondary monitor sometimes shuts down for a second, displacing in the meantime all my windows to the main one. It always comes back instantly.
  Finally, when I use Windows 7 the secondary screen isn't even recognized anymore; it stays black and windows doesn't see it.
  I tried of course to unplug and reconnect both monitors a few times but the problem, which in Lion is sporadic, remains.
  Any ideas?

  There ARE problems hooking up multiple DVI displays. But Mini DisplayPort displays are supposed to "just work" according to this article:
  Mac Pro (Early 2009), Mac Pro (Mid 2010): Supported display configurations
  The other issue some users have is not completely seating those Mini DisplayPort cables or adapters. The connector must be inserted into the jack until essentially ALL of the metal part disappears.

• ICal not syncing with iphone and 'unresponsive'

  I am running the latest version of Leopard on my iMac.
  I had to restore my iMac from a time machine backup recently, and since, my iCal will not sync with my iPhone (all the events are on my phone, not the desktop). The first time I tired, it said that my phone was synced with another account, so I selected to 'merge' information.
  The information on my iPhone is fine and unchanged, but nothing shows up on my iCal. It's completely blank. When I try to quit iCal, it won't. I have to force quit it.

  So I got on the phone with APP today and it turns out iCal was pretty messed up.
  A bunch of the files for iCal were missing (com.apple.iCal.plist) and such.
  Simple solution in the end:
  Completely delete iCal (delete the icon from your applications folder) and reinstall iCal using your latest operating system disk (in my case, the OS X 10.5 disk). All my calendars, etc, where happily there after I reinstalled iCal.

• Why do I get a stall every few minutes with a "Pages unresponsive" error frame when using iCloud e-Mail?

  Friends:  Has anyone heard or seen a suggestion from any source on how to eliminate the several minute stall every several minutes when using iCloud E-Mail through any browser (Safari, IE-11, Chrome) on any Microsoft OS (WIN-8.1, WIN-7-SP1, WIN-XP)?  I've seen several other folks express frustration but have seen no actionable replies.
  Thanks,  George

  Absolutely no one posted a reply or suggestion in over a month.  Not even one.  So, I'm abandoning this query.
  If someone in posterity sees this post, please don't reply because it will not be monitored.
  Thanks anyway - GeorgeIP

• Dealing with unresponsive scripts?

  FF 35.0.1, no plugins active, no add-ons installed, Mac OS X 10.6.8
  Hi, Every time I browse newegg.com (different accounts/boot drives), at least one open tab will soon spinning-beach-ball hang with message:
  Warning: Unresponsive script
  A script on this page may be busy, or it may have stopped
  responding. You can stop the script now, open the script in
  the debugger, or let the script continue.
  Script: http://cdn.krxd.net
  /ctjs/controltag.js.0663le6b152733188c0cac5a80502b56:2
  [ ] Don't ask me again
  (Debug script) (Stop script) (Continue)
  The only way I've been able to *sometimes* close the tab, is - if able - choose (Debug script), wait until debug window section fill in, then hit the close "x" on the right side of the tab, wait for the tab to close, and then for the same error message to reappear, then hit any of the choices to finish the closure. Otherwise Force Quit.
  Thanks for any comment.

  Thanks for the reply.
  Mainly I was trying to find out if there was a "stronger" way to get out of such a hanging/unresponsive tab without a Force Quit of the entire application - for future reference.
  To me it looks like the script is associated with custom ads located along the side of the page, or tracking. I suspect that script is run only when certain ads are pushed to the page. (cdn.krxd.net is apparently part of Krux "Consumer Web Data Management".)
  If further detail might assist: As stated above I run no extensions or add-ons (and generally either run as private browsing, or clear *everything* at least at the end of every session). Malware is not an issue, and the problem was repeatable on various accounts and boot volumes.
  The newegg website is useless with javascript disabled, so that is not an option. I'd rather not start using add-ons, but it appears that there are some "JavaScript blacklist" ones out there. I suspect that the problem will probably disappear unexpectedly when the ad run expires or the script changes.

• Cisco Network Assistant 5.8(5) with ASA5520

  I was able to discover and manage my ASA5520 with the CNA and consequently display it on the topography.  I added a network cloud icon to display my ISP.  However, the Add Link window doe snot show up when I right-click the ASA to add a link from the ASA to the cloud.  Is there any additional configuration needed on the ASA or CNA for the Add Link window to show?

  This function is not supported for any ASA model or software revision as ASA does not support CDP or LLDP to validate layer 2 adjacency.
  The same issue applies with Cisco Prime LMS' Topology tool and ASA firewalls.

• Password Reset for AIP-SSM 10

  Hi,
  i have an ASA5520 with v 7.2(2) running.
  but the IPS module spftware is 5.1
  when i tried to login to the > session 1
  it prompts me for a login and password.
  i tried cisco and a few other combinations.. but no luck ,,
  how do i reset it ?? also that reset procedure on the docs says its resets password or the user cisco ..
  how can i be sure if the user cisco even exists on it or not ?
  any help please ???

  no man it doesnt ..
  the link u specified says it too..
  hw-module module slot_number password-reset?This command recovers a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the AIP-SSM without having to re-image the device.
  Note: This command starts support from IPS 6.0 (ASA 7.2 version) and is used to restore the Cisco CLI account password to the default cisco
  hers my ASA and IPS details..
  ASA# sh version
  Cisco Adaptive Security Appliance Software Version 7.2(2)
  Device Manager Version 5.2(2)
  Compiled on Wed 22-Nov-06 14:16 by builders
  System image file is "disk0:/asa722-k8.bin"
  Config file at boot was "startup-config"
  ASA up 22 days 3 hours
  Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
  ASA# sh module 1
  Mod Card Type Model Serial No.
  1 ASA5500 SSM-10 ASA-SSM-10 B155670DW4
  Mod MAC Add Range Hw Ver. Fw Ver. Sw Ver.
  1 00xx to 001 1.0 1.0(10)0 5.0(2)S152.0
  Mod SSM Apps. Name Status SSM Apps Version
  1 IPS Up 5.0(2)S152.0
  Mod Status Data Plane Status Compatibility
  1 Up Up

• AIP-SSM Upgrade Procedure

  Hi everybody!
  I have ASA5520 version 8.2(1) with AIP-SSM-20 module
  and I want to upgrade AIP-SSM-20 software from version 6.1(3)E3 to 7.0(2)E4
  I go to the download site and see the following list:
  Intrusion Prevention System (IPS) Recovery Software:
  IPS-K9-r-1.1-a-7.0-2-E4.pkg
          Release Date: 29/Mar/2010
          IPS Recovery Image File
  Intrusion Prevention System (IPS) Signature Updates:
  IPS-sig-S481-req-E4.pkg
          Release Date: 31/Mar/2010
          E4 Signature Update S481
  Intrusion Prevention System (IPS) System Software:
  IPS-SSM_20-K9-sys-1.1-a-7.0-2-E4.img
          Release Date: 29/Mar/2010
          IPS-SSM_20 System Image File
  Intrusion Prevention System (IPS) System Upgrades
  IPS-K9-7.0-2-E4.pkg
          Release Date: 29/Mar/2010
          IPS 7.0 Major Upgrade File (All Supported Platforms Except AIM-IPS and NME-IPS)
  IPS-engine-E4-req-7.0-2.pkg
          Release Date: 29/Mar/2010
          IPS E4 Engine Update
  I am somewhat confused by the number of files and want to ask what the procedure/sequence I should follow to upgrade?

  This is the file that you would like to use to upgrade it:
  Intrusion Prevention System  (IPS) System Upgrades
  IPS-K9-7.0-2-E4.pkg
  To upgrade:
  1) Upload the "IPS-K9-7.0-2-E4.pkg" file through IDM
  2) IDM --> Configuration --> Sensor Management --> Update Sensor --> choose Update is located on this client --> choose the "IPS-K9-7.0-2-E4.pkg" file --> hit the "Update Sensor" button.
  It will take a while (around 20 minutes) to upgrade the sensor, so don't panic if it doesn't come back up in "UP" status straight away.
  Hope that helps.

• AIP-SSM 20 Throughput

  Hi,
  We are in process of installing the AIP-SSM20 modules in ASA5520 (Active/passive). Currently its configured in promiscuous mode /w monitoring all the outside and dmz traffic... I have also tuned various signature to troubleshoot and increase the AIP-SSM20 throughput but I am seeing below messages randomly throughout the day:
  evStatus: eventId=1218593040808071564 vendor=Cisco
  originator:
  hostId: caipssm01waynpa
  appName: interface
  appInstanceId: 340
  time: Sep 03, 2008 20:19:16 UTC offset=-240 timeZone=GMT-05:00
  netInterfaceMissedPacketThresholdExceeded:
  description: GigabitEthernet0/1 : Missed-packet threshold was exceeded. 3% of packets were missed.
  interfaceName: GigabitEthernet0/1
  I was wondering if anyone had ran into this issue...
  I am running 6.1.1E2 and ASA OS 7.2.1...
  I appreciate any help
  Thank in a advance

  After monitoring for few hours. I am getting the Missed packets events with MRTG showing 11M traffic on Gig0/1 interface.
  evStatus: eventId=1218593040808080769 vendor=Cisco
  originator:
  hostId: caipssm01
  appName: interface
  appInstanceId: 340
  time: Sep 05, 2008 22:05:46 UTC offset=-240 timeZone=GMT-05:00
  netInterfaceMissedPacketThresholdExceeded:
  description: GigabitEthernet0/1 : Missed-packet threshold was exceeded. 14% of packets were missed.
  interfaceName: GigabitEthernet0/1
  MRTG Graph data:
  day
  Max Average Current
  In 1414.9 kB/s (3.2%) 816.5 kB/s (1.9%) 1227.9 kB/s (2.8%)
  Out 1415.0 kB/s (3.2%) 816.5 kB/s (1.9%) 1227.9 kB/s (2.8%)
  Looks like I am not even getting 88Mbs throughput with AIP-SSM20 module.
  Any recommendation?
  Thanks in a advance