Cisco ASA IPS SSM-10

Hello,
I just upgraded one of my Cisco ASA IPS SSM-10 from version 7.0 (6) E4 to version 7.0 (7) E4 and the Radius authentication stopped working. I use Microsoft 2008 Radius and I still have 10 more of these working with version 7.0 (6) E4.
I used to have the same Radius authentication issue with version 6 until we upgraded to ver 7.0 (6) E4 and this latest version screwed up again.
Does anyone know if there is a Radius authentication bug in this latest version 7.0 (7) E4?
Thank you
Si

There is a known issue CSCty46104. However a show-tech log can give more details as to why there was a failure in your case.
Regards
Sawan Gupta

Similar Messages

  • Cisco ASA IPS vs Bruteforce

    Who can help me, I need device that will block bruteforce attack to our webmail servers, 5 wrong password input = block for 10 min, for example.
    Can I use for this Cisco ASA IPS?

    Depending on how your specific webmail server works, perhaps you could use/tune:
    SIG 6256.0 (HTTP Authorization Failure)
    -or-
    SIG 20020.0 (HTTP Authentication Brute Force Attempt)
    Or, create a custom signature based off of one of the above.

  • Cisco IPS 4240 VS Cisco ASA AIP SSM-10 Modula

    I'm looking to replace another vendor's IPS system we have at our company. We do have an ASA 5510 in our envionment currently.
    Considering I don't need the extra bandwidth of the IPS 4240 series and the AIP SSM-10 requires an ASA 5510 what are the differences?

    Operationally the AIP-SSM1 and the 4240 run the same software, so they work pretty much the same.
    The AIP-SSM inside the ASA is less expensive alternateive, but becuase it sits inside an ASA there is more to configure and manage (the ASA plus the sensor), The ASA also has some built in inspections that may filter some traffic/attacks from being seen at the AIP-SSM sensor.
    - Bob

  • Cisco ASA IPS Monitor

    Hello
    I have configured IPS system in my ASA 5520 but I am unable find out my IPS is actually working or not. The only one thing i can see CPU utilization in IDM. Can you please assist me how I can view the IPS module activity? I have installed IDM & ASDM in my PC.
    thanks.
    Regards
    Mannan

    Please check the Inspection Load via IDM or IPS CLI (show stats virtual-sensor).
    Using the "show stats virtual-sensor", it also shows, how many packets are being processed, which signatures are firing, etc.
    Regards,
    Sawan Gupta

  • Correlating Cisco ASA-SSM-IPS Events/Logs

    I have just configured a Cisco ASA-SSM-IPS10. An exciting feature of this decice is the ability to monitor, analyse, and correlate security events. Can anybody help with a documentation to simplify daily (or periodic) analysis, and correlation of the IPS Logs? As I am not yet to up to speed with this task yet, a "How-to" document would be just fine.  Thank you.

    Hi Chris,
    Good to have you get on the case. I am yet to setup and ips manager software. Presently, I use an ASDM 6 interface, with this interface, I am able to view events and alerts, and perform other adminsitrative cores... The IPS manager express does it comes bundle with our device purchase? Does it contain necesary templates/docs for correlating events/Logs?

  • Cisco IPS SSM 10 Sensor can't update signature file from ASA 5510

    Cisco ASA 5510 IPS Firewall with ASA-SSM-10 Module.  I am trying to do a manual update of the signature file and get the following error:
    Error: execUpgradeSoftware : couldn't connect to host
    I have confirmed that I can ping the ftp server successfully from the ASA and the command I am trying to use from the configure terminal of the module is:
    upgrade ftp://[email protected]//IPS-sig-S813-req-E4.pkg
    I have also tried via http and it does not work as well.  Any thoughts?

    to connect to ftp there should be username usually anonymous and password whitch can be any. check in ftp server
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: anonymous
    Password: *********
    the username and/or the password are incorrect
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: 123
    Password: ***
    File opening error
    I made special user 123 on ftp server with password 123
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: 123
    Password: ***
    aip_ssm_card# 
    and dont forget to rate post

  • ASA 5510 8.4(2) and IPS SSM-20 7.0(6) E4

    Hi, I'm thinking the ASA 5510, ver. 8.4(2) with IPS SSM-20 ver. 7.0(6) E4  falls into IPS unresponsive state.
    Now I'm testing the ASA 5510 ver. 8.4(2) with IPS SSM-20 ver. 7.0(4) E4, to verify if the system falls into the same condition.
    Any experience ?
    In case of incompatibility, how to downgrade ISP SSM-20 to 7.0(4) ?
    thanks
    rs

    You may remove last signature update or service pack by using "downgrade" command in config mode on IPS CLI:
    http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_system_images.html
    "Downgrading removes the last applied service pack or signature update from the sensor."

  • IPS Signature DataBase - ASA IPS/IOS IPS/IPS 42xx/AIP-SSM

    Hi,
    Can anyone briefly tell me the signature database details (No of Signature) among the following devices,
    -->ASA IPS/IOS IPS/IPS 42xx/AIP-SSM.
    Thanks,

    IPS on ASA/PIX = just 50 or so common signatures
    AIP-SSM module = same signatures as Cisco 4200 series sensors. Little minor differences exist (like IPv6 signature support etc.)
    Please rate if helpful.
    Regards
    Farrukh

  • CISCO ASA SSM-10

    I have an ASA 5520, and I have Cisco ASA SSM-10, but I'm not sure how to work with it. My problems are here:
    1. What software do I need to get this to work
    2. From the rj45 connection on this module, where does it connects to.
    3. Give me some guide to configure it and test to see if it works.

    Hi,
    you need to do couple of things to get this to work.
    1. Configuration on ASA to forward the traffic to the module
    2. Chose whether you are going to plug the IPS in inline/promiscious mode
    3. Configure the IPS module
    Configuring ASA to forward the traffic to the module:-
    access-l IPS permit ip any any
    class-IPS
    match access-list IPS
    policy-map global-policy
    class IPS
    IPS inline/promiscious fail-open/fail-close
    When you do this ASa is configured to send the traffic to the module.
    Now you need to get in to the IPS
    you can get in to the through CLI on ASA:-
    do session 1
    it will ask you for username and password
    both are cisco by default
    run the command setup
    and it will walk you through the initial configuration of the sensor.
    once the sensor is configured
    log in to the IDM
    and need to go to configuration>> policies and assign vs0 to the backplane interface of the module so that sigs come in to the act of the traffic.
    you can connect the module in front of the IPS to the switch vlan where the other interface exist from where you want to see this traffic and want ips to come into act.
    Suppose you want to apply the IPS on inside network
    ASA inside interface ip:-192.168.1.1
    Module ip:-192.168.1.3/192.168.1.1
    Here the gateway for the module is the ASA inside interface.
    now all the traffic going outbound or coming in from the inside itnerface will be monitored by the IPS.
    now connect the ethernet interface of the module to the same vlan on switch where your inside interface is connected.
    Now you can even manage the IDM of the IPS just like you manage the ASDM for the ASA, you just need to have your host/network allowed to gain access to it.
    Thanks

  • SQL Injection detection with IDS/IPS on cisco ASA?

    Hi
    Is it possible to detect or prevent SQL injection attacks using Cisco IDS/ IPS on ASA or with regular expressions?
    Is there any signature available in IDS/IPS for this? And how effective it is in terms of generating correct alarms?
    Thanks in advance

    Deepak,
    We have several signatures that detect generic SQL injection attacks in the 5930-x family of signatures.

  • Initial hookup of IPS-SSM in an ASA to a switch

                       I have an ASA-5520 with a IPS-SSM-40. I configured the IPS control port to an ip address on the ASA's inside network subnet and connected it to the same switch as the ASA's inside port is connected to. I am using a single context. What vlan should the switch port be on that connects to the IPS?
    I can SSH to the ASA and go to session 1 and see the config. But I cannot connect thru the ASDM.
    ASA 5500 Series Security Services Module-40
    Model:              ASA-SSM-40
    Hardware version:   1.0
    Serial Number:      JAF1545CBNM
    Firmware version:   1.0(14)5
    Software version:   6.0(6)E4
    MAC Address Range:  44d3.ca0f.0413 to 44d3.ca0f.0413
    App. name:          IPS
    App. Status:        Up
    App. Status Desc:
    App. version:       6.0(6)E4
    Data plane Status:  Up
    Status:             Up
    Mgmt IP addr:       192.168.0.12
    Mgmt web ports:     443
    Mgmt TLS enabled:   true MAC Address Range:  44d3.ca0f.0413 to 44d3.ca0f.0413
    App. name:          IPS
    App. Status:        Up
    App. Status Desc:
    App. version:       6.0(6)E4
    Data plane Status:  Up
    Status:             Up
    Mgmt IP addr:       192.168.0.12
    Mgmt web ports:     443
    Mgmt TLS enabled:   true

    The config that you have earlier should already allow access to the IPS via AnyConnect. Pls remove the config that you have just added as it sounds incorrect.
    Can you ping the IPS from the AnyConnect client?
    I assume that you can ping 192.168.0.31 and 192.168.0.4 when you are connected via AnyConnect, right?
    If you can, then you should be able to ping 192.168.0.12 as well. I also assume that the port on the module is connected to the same switch where the ASA inside interface is connected.
    Can you install a TFTP server on a host on your inside network, and transfer the image to the IPS module via an inside host. I assume you can RDP to an inside host once you are connected via AnyConnect.

  • Single AIP-SSM in Cisco ASA Failover Active / Standby Mode

    Hi,
    I can add single AIP-SSM on Cisco ASA in failover active / standby mode?

    No, both units need the same hardware, that includes the installed modules.
    Sent from Cisco Technical Support iPad App

  • Swap Cisco ASA SSM-10 from dead firewall

            Good afternoon,
    I currenty have 2 cisco 5510 firewalls one of the firewals is completly dead but contains a Cisco ASA SSM-10 can i remove this card and just place it into a working unit, will i have any problems doing so.
    Regards
    Paul

    No, that shouldn't be a problem at all as the serial number of the SSM-10 module does not get linked to the actual ASA appliance.

  • Cisco asa 5585 syslog options for ips?

    We have CISCO ASA 5585 with a separate module for IPS, I want to know what are the options for configuring syslog? Its nearly impossible to find ; and there are some forums on the internet which says that cisco ips stores logs in native / proprietary format and cannot be exported.
    Please elaborate
    Thanks.

    Some sensor-related events generate syslog messages. Those will be forwarded according to the parent ASA syslog settings.
    Detailed IPS events (signature triggers actions etc.) are stored locally and must be retrieved using the SDEE protocol (tcp-based). That requires use of a management system like Cisco Security Manager (CSM), IPS Manager Express (IME) etc. There is a good document here that explains SDEE in more detail.

  • Cisco ips ssm -- with cisco IME -- logs

    Hi, can any one tell me how do i pull the logs from SSM mo
    dule to the cisco IME server for log analysis.
    i know that syslog is not supported in SSM and the only option is to have IME server...
    -Rajesh

    You will need to add the IPS-SSM module to your IME, and it will automatically pull logs from the module once it has been added to your IME.

Maybe you are looking for

  • Accessing incoming voice messages on Nokia 2630

    I searched everywhere about how to pick up incoming phone calls on my 2630.   I selected the little envelope icon from the menu, then messages received, then I get 888 for Orange provider.  It then gives me the name of who sent it and I can answer bu

  • Screen is black.. chimes on startup, but no response on display OR external

    Hi fellow apple users. I have a 2.2ghz MBP, and today I had my MBP hooked up to an external monitor (TV), the laptop was closed while I was watching a video. I opened up the lid, unhooked the video cable, and then there was no response, the screen wa

  • Hierarchy Viewer component

    Hi, When can we expect Hierarchy Viewer component that is used here: http://rea.oracle.com/faces/index . It will be accessible as update to current ADF RC version or we must wait for the next release of JDeveloper ? Kuba

  • How to connect SQL server using JRun

    I am relatively dumb into Java. I am running JRun server in Unix box, and I need to connect to the SQL server (full marks for guesssing that SQL server is on the Win2K box). Now I want to connect to the SQL server from Jrun using JSPs. Question: 1. I

  • Problem with form after registering in applications

    Hi all,i have developed a new form using template.fmb which i got from AU_TOP.I developed the new form from form builder 10g and registered in applications.Now,when i see my form in applications..there are somethings missing like, 1)Every form in Ora