This document describes common problems and solutions to Cisco Intrusion Prevention System (IPS) issues in Cisco Security Manager.
There are no specific requirements for this document.
The information in this document is based on Cisco Security Manager version 4.3.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
This document describes common problems encountered in Cisco Security Manager 4.3. While this document focuses on Cisco Security Manager version 4.3, it is possible that the same problems and solutions apply to other versions as well.
Cannot Connect to IPS
You can no longer connect to IPS through Cisco Security Manager. However, you can connect to Secure Shell (SSH) and IPS Device Manager (IDM) from the Cisco Security Manager server.
Verify that the IPS uses a current X.509 certificate. Run the show version command at the IPS CLI in order to verify the version of the certificate. If the certificate has expired, run the tls generate-key command in order to obtain a new certificate. After you generate the key, import the IPS certificate.
AIP-SSM Sensor Not Recognized After Upgrade to 7.1(6)E4
After you upgrade your Cisco ASA Advanced Inspection and Prevention Security Services Module (AIP-SSM) module to version 7.1(6)E4 in Cisco Security Manager version 4.3, Cisco Security Manager does not recognize the AIP-SSM sensor.
In order to resolve this problem, you must install Cisco Security Manager version 4.3 Service Pack 1, or Service Pack 2, to the Cisco Security Manager server so that it will support your AIP-SSM with the 7.1 IPS software.
IPS Signatures Not Automatically Updated Within Grace Period
Cisco Security Manager does not automatically update your IPS signatures event although your IPS is still inside the grace period.
Cisco Security Manager does not update signatures automatically if the sensor is within the grace period. In order to resolve this problem, choose Tools > Apply IPS updates in the Cisco Security Manager interface to manually update the signatures.
Large Number of Radius Requests to IPS Devices
You see a large number of RADIUS requests from Cisco Security Manager to your IPS devices.
This issue occurs when Cisco Security Manager rapidly polls monitored devices. By default, affected versions of the Event Monitoring (eventing) feature on Cisco Security Manager can attempt to poll monitored devices several times per second. If other Cisco Security Manager monitoring features (Health and Performance Monitor and/or Report Manager) are enabled, additional device polls occur.
In order to resolve this problem, you can change the default wait time (sleep interval). The default sleep interval between device polls is set to 250ms by default. This value can be changed manually to a larger, more reasonable value. In order to change the wait time value, edit the communication.properties file on the Cisco Security Manager server; this file is located at <NMSROOT>\MDC\eventing\config\communication.properties.
In the communication.properties file, replace SLEEP_INTERVAL_SYNCH_CALLS=250 with SLEEP_INTERVAL_SYNCH_CALLS=2000.
Note: The value is specified in milliseconds (ms); therefore, 2000 equates to 2 seconds.
Caution: Use caution when you edit this file. Changes to this file other than the one listed above can cause undesired effects to Cisco Security Manager.
After you change and save the file, ensure all Cisco Security Manager client applications are closed, and then restart the Cisco Security Manager Daemon Manager (CRMDmgtd) service.