C-44
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix C Troubleshooting
Troubleshooting AIP-SSM
Using the TCP Reset Interface
IDSM-2 has a TCP reset interface—port 1. IDSM-2 has a specific TCP reset interface because it cannot
send TCP resets on its sensing ports.
If you have TCP reset problems with IDSM-2, try the following:
•
If the sensing ports are access ports (a single VLAN), you must configure the TCP reset port to be
in the same VLAN.
•
If the sensing ports are dot1q trunk ports (multi-VLAN), the sensing ports and TCP reset port all
must have the same native VLAN, and the TCP reset port must trunk all the VLANs being trunked
by both the sensing ports.
Connecting a Serial Cable to IDSM-2
You can connect a serial cable directly to the serial console port on IDSM-2. This lets you bypass the
switch and module network interfaces.
To connect a serial cable to IDSM-2, follow these steps:
Step 1
Locate the two RJ-45 ports on IDSM-2.
You can find them approximately in the center of the mother board. If you are facing the module
faceplate, the RJ-45 port on the right is the serial console port.
Step 2
Connect a straight-through cable to the right port on IDSM-2, and then connect the other end of the cable
to a terminal server port.
Step 3
Configure the terminal server port to be 19200 baud, 8 bits, no parity.
You can now log directly in to IDSM-2.
Note
Connecting a serial cable to IDSM-2 works only if there is no module located above IDSM-2 in the
switch chassis, because the cable has to come out through the front of the chassis.
Troubleshooting AIP-SSM
AIP-SSM has the same software architecture as the 4200 series sensors. You can use the same
troubleshooting tools as outlined in
Troubleshooting the 4200 Series Appliance, page C-3
.
The following section contains commands that are specific to troubleshooting AIP-SSM.
To see the general health of AIP-SSM, use the
show module 1 details
command:
asa#
show module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Model: AIP-SSM-20
Hardware version: 0.2
Serial Number: P2B000005D0
Firmware version: 1.0(10)0
Software version: 5.1(0.1)S153.0
Status: Up