I tried opening IPS tab in ASDM and its giving error " error connecting to sensor". I checked the connectivity & access.. it is fine..i can ping the mgmt IP of sensor from ASA. pls let me know what next i can do?
I believe the HTTPS session that is launched to the IPS, when you click on the IPS tab of ASDM, is actually between the PC you are sitting at, and the sensors command and control IP address. Make sure the access-list (permitted hosts) on the IPS includes the IP address of the PC you are managing from.
What Keith is saying is a very good and valid point. I'd also add that on occasion, I have had issues with AIP's that presented this way. In which case, I have typically been able to ssh to the ASA then session into the AIP (session 1). Then a reboot usually has worked for me. If 1) your pc has access to the AIP as Keith suggested, and 2) you cannot session in and reboot the ASA, you can try doing one of the following from the ASA CLI.
hw-module module 1 reload
hw-module module 1 reset
Be aware that depending on if you are in fail-close mode that traffic flow can be affected. I have also noticed that it can cause an ASA to go into standby if there is a A/S failover configuration.
Hi Keith / Paul,
The access in IPS is already allowed for the PC IP. even i can ping the IPS mgmt IP from the PC also i can access the IPS CLI from ASA by giving session 1 command. The module is AIP-SSM20 & this is installed on asa5520.
Kindly let me know how to trouble shoot further.
Many thanks in advance
Thanks for all the help extended by you..I am now able to access IDM when i connect to VPN client.. I have one more issue..when i access the ASDM from internet using outside public IP of ASA..i still not able to access IPS TAB. could you pls suggest any workaround on this.
You could use outside nat, and translate traffic destined towards the IPS to a local address, and then tell the sensor that the local address is allowed access to the sensor. You may want to do authentication of the HTTPS for that session at the firewall.