Cisco Security Manager

Security Manager 4.3: Common IPS Problems and Solutions

Document ID: 116396

Updated: Jul 19, 2013

Contributed by Corey Lawrence and David Houck, Cisco TAC Engineers.



This document describes common problems and solutions to Cisco Intrusion Prevention System (IPS) issues in Cisco Security Manager.



There are no specific requirements for this document.

Components Used

The information in this document is based on Cisco Security Manager version 4.3.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Related Products

This document describes common problems encountered in Cisco Security Manager 4.3. While this document focuses on Cisco Security Manager version 4.3, it is possible that the same problems and solutions apply to other versions as well.

Cannot Connect to IPS


You can no longer connect to the IPS through Cisco Security Manager. However, you can still connect to the IPS through Secure Shell (SSH) and IPS Device Manager (IDM) from the Cisco Security Manager server.


Verify that the IPS uses a current X.509 certificate. Run the show version command at the IPS CLI in order to verify the version of the certificate. If the certificate has expired, run the tls generate-key command in order to obtain a new certificate. After you generate the key, import the IPS certificate.

AIP-SSM Sensor Not Recognized After Upgrade to 7.1(6)E4


After you upgrade your Cisco ASA Advanced Inspection and Prevention Security Services Module (AIP-SSM) to version 7.1(6)E4 in Cisco Security Manager version 4.3, Cisco Security Manager does not recognize the AIP-SSM sensor.


In order to resolve this problem, you must install Cisco Security Manager version 4.3 Service Pack 1, or Service Pack 2, on the Cisco Security Manager server so that it supports your AIP-SSM with the 7.1 IPS software.

IPS Signatures Not Automatically Updated Within Grace Period


Cisco Security Manager does not automatically update your IPS signatures even though your IPS is still inside the grace period.


Cisco Security Manager does not update signatures automatically if the sensor is within the grace period. In order to resolve this problem, choose Tools > Apply IPS updates in the Cisco Security Manager interface to manually update the signatures.

Large Number of RADIUS Requests to IPS Devices


You see a large number of RADIUS requests from Cisco Security Manager to your IPS devices.


This issue occurs when Cisco Security Manager rapidly polls monitored devices. By default, affected versions of the Event Monitoring (eventing) feature on Cisco Security Manager can attempt to poll monitored devices several times per second. If other Cisco Security Manager monitoring features (Health and Performance Monitor and/or Report Manager) are enabled, additional device polls occur.

In order to resolve this problem, you can change the wait time (sleep interval) between device polls. The sleep interval is set to 250 ms by default. This value can be changed manually to a larger, more reasonable value. In order to change the wait time value, edit the file on the Cisco Security Manager server; this file is located at <NMSROOT>\MDC\eventing\config\


Note: The value is specified in milliseconds (ms); therefore, 2000 equates to 2 seconds.

Caution: Use caution when you edit this file. Changes to this file other than the one listed above can cause undesired effects to Cisco Security Manager.

After you change and save the file, ensure all Cisco Security Manager client applications are closed, and then restart the Cisco Security Manager Daemon Manager (CRMDmgtd) service.
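To confirm the polling rate from the RADIUS server side, before and after the sleep interval change, the following Python script measures the median gap between authentication requests for each account and device. It is an added example, not Cisco code. The log line format, the csm-svc account name, the 192.0.2.x addresses, the 1000 ms threshold, and the premise that each poll produces one logged Access-Request are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, not real output. The line format is an assumption;
# adapt LINE_RE to what your RADIUS server actually logs.
SAMPLE_LOG = """\
2013-07-19 10:00:00.000 Access-Request user=csm-svc nas=192.0.2.21
2013-07-19 10:00:00.100 Access-Request user=csm-svc nas=192.0.2.22
2013-07-19 10:00:00.250 Access-Request user=csm-svc nas=192.0.2.21
2013-07-19 10:00:00.500 Access-Request user=csm-svc nas=192.0.2.21
2013-07-19 10:00:00.600 Access-Request user=admin nas=192.0.2.21
2013-07-19 10:00:00.750 Access-Request user=csm-svc nas=192.0.2.21
2013-07-19 10:00:01.000 Access-Request user=csm-svc nas=192.0.2.21
2013-07-19 10:00:02.100 Access-Request user=csm-svc nas=192.0.2.22
2013-07-19 10:00:04.100 Access-Request user=csm-svc nas=192.0.2.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) Access-Request "
    r"user=(?P<user>\S+) nas=(?P<nas>\S+)$"
)

def median_gaps_ms(log_text):
    """Map (user, device) to the median gap in ms between its requests."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are ignored
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            seen[(m["user"], m["nas"])].append(ts)
    gaps = {}
    for key, stamps in seen.items():
        if len(stamps) < 3:
            continue  # one or two logins is not polling
        stamps.sort()
        deltas = [(b - a).total_seconds() * 1000
                  for a, b in zip(stamps, stamps[1:])]
        gaps[key] = median(deltas)
    return gaps

def rapid_pollers(log_text, min_gap_ms=1000):
    """Pairs whose median gap is under min_gap_ms (assumed threshold)."""
    found = median_gaps_ms(log_text)
    return sorted(k for k, gap in found.items() if gap < min_gap_ms)

if __name__ == "__main__":
    for (user, nas), gap in sorted(median_gaps_ms(SAMPLE_LOG).items()):
        print(f"{user} -> {nas}: median gap {gap:.0f} ms")
    print("rapid pollers:", rapid_pollers(SAMPLE_LOG))
```

In the constructed sample, the first device shows the 250 ms default interval and the second shows the gap expected after the value is raised to 2000 ms. The single admin login is ignored because it is too sparse to be polling.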
