Installation guide

ManualsBrandsCisco ManualsComputer equipmentIPS 7.1

331

332

333

334

335

336

337

338

339

340

E-67

Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1

OL-24002-01

Appendix E Troubleshooting

Troubleshooting the ASA 5500-X IPS SSP

asa-ips# sw-module module ips recover configure image

disk0:/IPS-SSP_5555-K9-sys-1.1-a-7.1-3-E4.aip

Image URL [tftp://192.0.2.1/IPS-5545-K9-sys-1.1-a-7.1-3-E4.aip]:

Port IP Address [192.0.2.226]:

VLAN ID [0]:

Gateway IP Address [192.0.2.254]:

asa-ips# debug module-boot

debug module-boot enabled at level 1

asa-ips# sw-module module ips reload

Reload module ips? [confirm]

Reload issued for module ips.

asa-ips# Mod-ips 228> ***

Mod-ips 229> *** EVENT: The module is reloading.

Mod-ips 230> *** TIME: 08:07:36 CST Jan 17 2012

Mod-ips 231> ***

Mod-ips 232> Mod-ips 233> The system is going down NOW!

Mod-ips 234> Sending SIGTERM to all processes

Mod-ips 235> Sending SIGKILL to all processes

Mod-ips 236> Requesting system reboot

Mod-ips 237> e1000 0000:00:07.0: PCI INT A disabled

Mod-ips 238> e1000 0000:00:06.0: PCI INT A disabled

Mod-ips 239> e1000 0000:00:05.0: PCI INT A disabled

Mod-ips 240> Restarting system.

Mod-ips 241> machine restart

Mod-ips 242> IVSHMEM: addr = 4093640704 size = 67108864

Mod-ips 243> Booting 'Cisco IPS'

Mod-ips 244> root (hd0,0)

Mod-ips 245> Filesystem type is ext2fs, partition type 0x83

Mod-ips 246> kernel /ips-2.6.ld ro initfsDev=/dev/hda1 init=loader.run rootrw=/dev/hda2

init

Mod-ips 247> fs=runtime-image.cpio.bz2 hda=nodma console=ttyS0 plat=saleen htlblow=1

hugepag

Mod-ips 248> es=3223

Mod-ips 249> [Linux-bzImage, setup=0x2c00, size=0x2bad80]

Mod-ips 250> Linux version 2.6.29.1 (ipsbuild@seti-teambuilder-a) (gcc version 4.3.2

(crosstool

Mod-ips 251> -NG-1.4.1) ) #56 SMP Tue Dec 6 00:46:11 CST 2011

Mod-ips 252> Command line: ro initfsDev=/dev/hda1 init=loader.run rootrw=/dev/hda2

initfs=runti

Mod-ips 253> me-image.cpio.bz2 hda=nodma console=ttyS0 plat=saleen htlblow=1

hugepages=3223

--MORE--

The ASA 5500-X IPS SSP and the Normalizer Engine

The majority of the features in the Normalizer engine are not used on the ASA 5500-X IPS SSP, because

the ASA itself handles the normalization. Packets on the ASA IPS modules go through a special path in

the Normalizer that only reassembles fragments and puts packets in the right order for the TCP stream.

The Normalizer does not do any of the normalization that is done on an inline IPS appliance, because

that causes problems in the way the ASA handles the packets.

The following Normalizer engine signatures are not supported:

• 1300.0

• 1304.0

• 1305.0