Cisco Cisco ASA 5525-X Adaptive Security Appliance 정보 가이드

Contributed by David Houck and Corey Lawrence, Cisco TAC
Engineers.
May 24, 2013

This document answers a specific question about Cisco Adaptive Security Appliance (ASA) syslog messages.

These syslog messages appear on the ASA:

ASA5585−SSP−IPS20 Module in slot 1, application up "IPS", 

version "7.1(1)E4" Normal Operation

ASA5585−SSP−IPS20 Module in slot 1, application reloading "IPS",

version "7.1(1)E4" Config Change

The ASA does not failover, and the IPS does not show as "failed."  What is the impact of this message? What
does it mean? Should I be concerned about this message?

These messages are generated during some, but not all, of the Global Correlation (GC) updates that are
attempted every five minutes. This message is also generated during an IPS signature update. This message is
expected behavior. 

A GC check occurs every five minutes, but updates might not be available. This GC check is why the
message can appear every hour or so during normal operation. When a GC update actually takes place or a
signature update starts, the IPS sends a message to the ASA that indicates that a configuration change is
underway.

The application does not actually reload as an ASA would if the reload command was issued. The IPS adjusts
the Analysis Engine and notifies the ASA of the change. This operation can occur at the same time that the
IPS goes into bypass mode while it processes the updates. Again, this is normal operation, and there is no
functional impact to the IPS or the ASA performance.

Cisco bug ID CSCub28854 was filed to resolve or document this issue from the IPS side.

Cisco bug ID CSCts98836 was filed to resolve the message on the ASA.