Security Manager 4.3: Common IPS Problems and Solutions

Document ID: 116396
Contributed by Corey Lawrence and David Houck, Cisco TAC Engineers.
Jul 19, 2013

Contents

Introduction
Prerequisites
    Requirements
    Components Used
    Related Products
Cannot Connect to IPS
    Problem
    Solution
AIP-SSM Sensor Not Recognized After Upgrade to 7.1(6)E4
    Problem
    Solution
IPS Signatures Not Automatically Updated Within Grace Period
    Problem
    Solution
Large Number of Radius Requests to IPS Devices
    Problem
    Solution
Related Information

Introduction

This document describes common Cisco Intrusion Prevention System (IPS) problems in Cisco Security Manager and their solutions.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on Cisco Security Manager version 4.3.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Related Products

This document describes common problems encountered in Cisco Security Manager 4.3. While this document focuses on Cisco Security Manager version 4.3, it is possible that the same problems and solutions apply to other versions as well.

Cannot Connect to IPS

Problem

You can no longer connect to the IPS through Cisco Security Manager. However, you can still connect to it through Secure Shell (SSH) and IPS Device Manager (IDM) from the Cisco Security Manager server.

Solution

Verify that the IPS uses a current X.509 certificate. Run the show version command at the IPS CLI in order to verify the version of the certificate. If the certificate has expired, run the tls generate-key command in order to obtain a new certificate. After you generate the key, import the IPS certificate.

AIP-SSM Sensor Not Recognized After Upgrade to 7.1(6)E4

Problem

After you upgrade your Cisco ASA Advanced Inspection and Prevention Security Services Module (AIP-SSM) to version 7.1(6)E4 in Cisco Security Manager version 4.3, Cisco Security Manager does not recognize the AIP-SSM sensor.

Solution

In order to resolve this problem, you must install Cisco Security Manager version 4.3 Service Pack 1, or Service Pack 2, on the Cisco Security Manager server so that it supports your AIP-SSM with the 7.1 IPS software.

IPS Signatures Not Automatically Updated Within Grace Period

Problem

Cisco Security Manager does not automatically update your IPS signatures even though your IPS is still inside the grace period.

Solution

Cisco Security Manager does not update signatures automatically if the sensor is within the grace period. In order to resolve this problem, choose Tools > Apply IPS updates in the Cisco Security Manager interface to manually update the signatures.

Large Number of Radius Requests to IPS Devices

Problem

You see a large number of RADIUS requests from Cisco Security Manager to your IPS devices.

Solution

This issue occurs when Cisco Security Manager rapidly polls monitored devices. By default, affected versions of the Event Monitoring (eventing) feature on Cisco Security Manager can attempt to poll monitored devices several times per second. If other Cisco Security Manager monitoring features (Health and Performance Monitor and/or Report Manager) are enabled, additional device polls occur.

In order to resolve this problem, you can change the default wait time (sleep interval). The default sleep interval between device polls is 250ms. This value can be changed manually to a larger, more reasonable value.

In order to change the wait time value, edit the communication.properties file on the Cisco Security Manager server; this file is located at <NMSROOT>\MDC\eventing\config\communication.properties.
In the communication.properties file, replace SLEEP_INTERVAL_SYNCH_CALLS=250 with SLEEP_INTERVAL_SYNCH_CALLS=2000.

Note: The value is specified in milliseconds (ms); therefore, 2000 equates to 2 seconds.

Caution: Use caution when you edit this file. Changes to this file other than the one listed above can cause undesired effects in Cisco Security Manager.

After you change and save the file, ensure all Cisco Security Manager client applications are closed, and then restart the Cisco Security Manager Daemon Manager (CRMDmgtd) service.

Related Information

• Cisco Security Manager 4.3 Installation and Upgrade Guide
• Technical Support & Documentation - Cisco Systems

Updated: Jul 19, 2013
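
For the communication.properties change described under Large Number of Radius Requests to IPS Devices, the following added example (not Cisco's code and not part of the original document) changes only the SLEEP_INTERVAL_SYNCH_CALLS line, keeps a backup, and checks that no other line was altered, in line with the Caution above. The function name Set-CsmSleepInterval, the accepted value range, the sample file contents and EXAMPLE_OTHER_KEY are assumptions made for the illustration.

```powershell
# Added example: change only SLEEP_INTERVAL_SYNCH_CALLS, keep a timestamped
# backup, and confirm after writing that no other line differs.
function Set-CsmSleepInterval {          # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateRange(250, 60000)][int]$Milliseconds = 2000   # bounds are an assumption
    )
    $key  = 'SLEEP_INTERVAL_SYNCH_CALLS'
    $full = (Resolve-Path -LiteralPath $Path).Path
    $enc  = [System.Text.Encoding]::GetEncoding(28591)   # ISO-8859-1, byte-preserving
    $old  = [System.IO.File]::ReadAllLines($full, $enc)

    # The key must appear exactly once, uncommented; anything else needs a manual look.
    $hits = @($old | Where-Object { $_ -match "^\s*$key\s*=" })
    if ($hits.Count -ne 1) { throw "Expected one $key line, found $($hits.Count)" }

    $new = @($old | ForEach-Object {
        if ($_ -match "^\s*$key\s*=") { "$key=$Milliseconds" } else { $_ }
    })

    $backup = "$full.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
    Copy-Item -LiteralPath $full -Destination $backup
    # WriteAllLines uses the platform line ending and ends the file with one.
    [System.IO.File]::WriteAllLines($full, [string[]]$new, $enc)

    # Re-read and compare line by line: at most the key line may have changed.
    $now  = [System.IO.File]::ReadAllLines($full, $enc)
    $diff = @(0..($old.Count - 1) | Where-Object { $old[$_] -cne $now[$_] })
    if ($now.Count -ne $old.Count -or $diff.Count -gt 1) {
        Copy-Item -LiteralPath $backup -Destination $full -Force
        throw 'Unexpected differences; original restored from backup'
    }
    [pscustomobject]@{ File = $full; Backup = $backup; Before = $hits[0]; After = "$key=$Milliseconds" }
}

# Constructed sample file, not real CSM contents. On the server, pass
# <NMSROOT>\MDC\eventing\config\communication.properties with NMSROOT resolved.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'communication.properties'
Set-Content -LiteralPath $demo -Value @(
    '# constructed sample',
    'SLEEP_INTERVAL_SYNCH_CALLS=250',
    'EXAMPLE_OTHER_KEY=unchanged'      # hypothetical key
)
Set-CsmSleepInterval -Path $demo
Get-Content -LiteralPath $demo
# Then close all Cisco Security Manager clients and restart the CRMDmgtd service.
```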