Did you try to assign it to another VS? Or leave it unassigned? I had a similar problem but one solution finally worked.
Regards, Piotr Kaluzny : Sr Instructor : iPexpert <http://www.ipexpert.com> CCIE # 25665 :: Security *:: World-Class Cisco Certification Training* Direct: +1-810-326-1444 :: Free Videos <http://www.youtube.com/ipexpertinc> :: Free Training / Product Offerings <https://www.facebook.com/IPexpert> :: CCIE Blog <http://blog.ipexpert.com/> :: Twitter <https://twitter.com/ipexpert> On Mon, Mar 24, 2014 at 5:47 PM, Bastien Migette <bastien.mige...@gmail.com>wrote: > Hi Folks, > > Currently doing WB2 LAB2 and not sure what I am missing here. > IPS Config guide states: > > The ASA 5500-X IPS SSP has one sensing interface, PortChannel 0/0. When > you create multiple virtual sensors, you must assign this interface to only > one virtual sensor. For the other virtual sensors you do not need to > designate an interface. > > After you create virtual sensors, you must map them to a security context > on the adaptive security appliance using the *allocate-ips* command. You > can map many security contexts to many virtual sensors. > > > The thing is IPS Inspection works only when this interface is mapped to > the virtual sensor. > > > For example, if I configure vs0 for PortChannel0 on ASA3, DMZ ICMP packets > will generate alerts (going thru C1 as per the lab task). > > If I put the int on VS1, no alerts. > > > For ASA4, if I map the PortChannel to VS0, no ICMP are blocked. If I map > it to VS1, ICMPs are blocked correctly. > > > ASA3/act(config)# sh ver | i Vers > > Cisco Adaptive Security Appliance Software Version 8.6(1) <system> > > > ASA3/act(config)# sh ips > > Sensor Name Sensor ID Allocated To Mapped Name > > ----------- --------- ------------ ----------- > > vs0 1 C1 vs0 > > vs1 2 C2 vs1 > > > ASA3/act(config)# sh module ips details > > Getting details from the Service Module, please wait... > > > Card Type: ASA 5515-X IPS Security Services Processor > > Model: ASA5515-IPS > > Hardware version: N/A > > Software version: 7.1(4)E4 > > > > Any idea ? > > I checked the DSG and as far as I know I have same config, except that I > put MGMT in 10.1.1.0 (vlan 100) > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc >
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
