Cisco ASA 5510 Adaptive Security Appliance Troubleshooting Guide

Only one is allowed at any point in time.
The previous command output indicates that a console connection to the CX module already exists. The
equivalent command for the IPS module is session ips console, which shows this output when used:
ciscoasa# session ips console
ERROR: An existing console session is in progress with module ips.
Only one is allowed at any point in time.
Solution
The only way to clear a console connection to the software IPS/CX module on an ASA 5500-X Series
appliance is to clear the CLI connection to the ASA where the console session is active. This section provides
a simulated scenario, similar to the one previously described, that demonstrates the procedure used to
clear such a connection.
Consider an ASA 5525-X with next-generation firewall services (also known as CX) enabled.
ciscoasa# show module cxsc
Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
cxsc ASA CX5525 Security Appliance                ASA CX5525         FCH1719J569
Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
cxsc 6c41.6aa1.31d4 to 6c41.6aa1.31d4  N/A          N/A          9.1.1
Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
cxsc ASA CX                         Up               9.1.1
Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
cxsc Up                 Up
There is a Secure Shell (SSH) session established with the ASA in addition to a console connection.
ciscoasa# show asp table socket
Protocol  Socket     State     Local Address        Foreign Address
SSL       000069e8   LISTEN    10.106.44.101:443    0.0.0.0:*
TCP       00009628   LISTEN    10.106.44.101:22     0.0.0.0:*
TCP       0000da58   ESTAB     10.106.44.101:22     64.103.226.139:52565
The ESTAB connection from 64.103.226.139:52565 shown in the output is the SSH session where the console
connection to the CX module is active. Attempts to access the console from another CLI connection (such as a
console connection to the ASA) fail with the error previously mentioned. The output of the show conn all
command is used to find the SSH connection to the ASA, which is then cleared with the clear conn all command.
ciscoasa# show conn all | in 52565
1 in use, 4 most used
TCP mgmt  64.103.226.139:52565 NP Identity Ifc  10.106.44.101:22,
 idle 0:04:16, bytes 10284, flags UOB
ciscoasa# 
ciscoasa# 
ciscoasa# clear conn all port 52565
1 connection(s) deleted.
ciscoasa# show conn all | i 52565
0 in use, 4 most used
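
The procedure above can be scripted for review before anything is cleared. The following Python sketch is an added example, not part of the Cisco document: it parses the show asp table socket output for established SSH sessions and builds the show conn all and clear conn all port commands used above, refusing any port that does not match exactly one entry in the connection table. The function names are hypothetical, and the sample input is copied from the outputs shown on this page.

```python
import re

# Sample input copied from the command outputs shown on this page.
ASP_SOCKETS = """\
Protocol  Socket     State     Local Address        Foreign Address
SSL       000069e8   LISTEN    10.106.44.101:443    0.0.0.0:*
TCP       00009628   LISTEN    10.106.44.101:22     0.0.0.0:*
TCP       0000da58   ESTAB     10.106.44.101:22     64.103.226.139:52565
"""
SHOW_CONN_ALL = """\
1 in use, 4 most used
TCP mgmt  64.103.226.139:52565 NP Identity Ifc  10.106.44.101:22,
 idle 0:04:16, bytes 10284, flags UOB
"""

SOCKET_ROW = re.compile(
    r"^(?P<proto>\S+)\s+(?P<sock>[0-9a-f]+)\s+(?P<state>\S+)\s+"
    r"(?P<lip>[\d.]+):(?P<lport>\d+)\s+(?P<fip>[\d.]+):(?P<fport>\d+|\*)\s*$"
)

def established_sessions(socket_output, local_port=22):
    """Return (foreign_ip, foreign_port) for each ESTAB session to local_port."""
    sessions = []
    for line in socket_output.splitlines():
        m = SOCKET_ROW.match(line.strip())
        if m and m["state"] == "ESTAB" and int(m["lport"]) == local_port:
            sessions.append((m["fip"], int(m["fport"])))
    return sessions

def conns_matching_port(conn_output, port):
    """Return conn-table entries with an endpoint on this port."""
    pattern = re.compile(r"^(TCP|UDP)\s.*:%d\b" % port)
    return [l.strip() for l in conn_output.splitlines() if pattern.match(l)]

def clear_plan(socket_output, conn_output, local_port=22):
    """Build the show/clear commands; reject ports not matching exactly one conn."""
    plan = []
    for fip, fport in established_sessions(socket_output, local_port):
        hits = conns_matching_port(conn_output, fport)
        if len(hits) != 1:
            raise ValueError(f"port {fport} matches {len(hits)} connections; review manually")
        plan.append((fip, f"show conn all | in {fport}", f"clear conn all port {fport}"))
    return plan

if __name__ == "__main__":
    for fip, show_cmd, clear_cmd in clear_plan(ASP_SOCKETS, SHOW_CONN_ALL):
        print(f"session from {fip}:\n  {show_cmd}\n  {clear_cmd}")
```

Because the clear command is keyed on the port alone, the exactly-one-match check is what keeps it from deleting a connection other than the stale SSH session.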