Unable to access Cisco ASA-5510 AIP SSM through ASDM

jimmycher
jimmycher used Ask the Experts™
on
From the CIsco web site..........

 
Unable to Access the AIP SSM through ASDM

Problem:

This error message is seen on the GUI.

    Error connecting to sensor. Error Loading Sensor error


Check the IPS SSM management interface is up/down, and check its configured IP address, subnet mask and default gateway. This is the interface to access the Cisco Adaptive Security Device Manager (ASDM) Software from the local machine. Try to ping the management interface IP address of IPS SSM from the local machine that you want to access the ASDM. If unable to ping check the ACLs on the sensor

----------------------------------------------------------------------------------------

 

I tried everything recommended above.   I can ping the ASDM host from the FW and from the SSM-10 module. Likewise, I can ping the SSM from the ASDM, and the host machine.    I opened the ACLs as wide as possible.   I changed IP addresses and masks several times.   The management port of the ASA and the SSM are on the same subnet, but that should be okay.

 

Tried everything, need some high-level help.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Did you check the web port configured on the SSM?



hostname# show module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Model:              AIP-SSM-20
Hardware version:   0.2
Serial Number:      P2B000005D0
Firmware version:   1.0(10)0
Software version:   5.0(0.27)S129.0
Status:             Up
Mgmt IP addr:       10.89.149.219
Mgmt web ports:     881
Mgmt TLS enabled:   false
hostname#


If the port number is anything other than 443, you may need to specify that with the asdm.

I assume that since you can ping both interfaces the gateway isn't the issue, but perhaps double check that both the ASA and SSM are using the correct gateway which for you should be the same gateway since they are in the same subnet.

Also, if you are not using the SSM in production right now, you could consider going through the process to return the module to factory defaults and start the config over.

Author

Commented:
Thanks, I'll give it another look.

Author

Commented:
I found out from another users group that IDM on ASDM is not supported in JAVA 1.7.   I have to use IPS manager express IME.   Good grief.

Author

Commented:
Looks like a JAVA issue.  Thanks.

Commented:
IT was a Java 7 problem for us -- we moved back down to 6 and it works great.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial