https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087429#M54238 <HTML><HEAD></HEAD><BODY><P>Yes it should, but it needs to be configured. Have you checked if the logging is still enabled? Can you verify if the ASA is sending IPS traffic to the AIP? please refer to below link for configuring AIP on ASA. </P><P><A href="http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clissm.pdf">http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clissm.pdf</A></P></BODY></HTML> Mon, 07 Jan 2013 10:24:15 GMT Rudy Sanjoko 2013-01-07T10:24:15Z https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087428#M54237 <P>I've just had a TAC opened and the technician did some global inspection rule and a ping test from internal server to the firewall/IPS and we saw the event.&nbsp;&nbsp; A few weeks have passed and none of the reports have any data.</P><P></P><P>I've ran a NeXpose vulnerability scanner from inside against the firewall's internal IP and ran NeXpose from the outside against multiple firewall's IPs.&nbsp; I still don't see any events in the IDM, IPS Manager Express, or the ASDM.</P><P></P><P>Shouldn't the vulnerability scanner trigger the IPS internally and externally?</P> Sun, 10 Mar 2019 12:51:51 GMT https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087428#M54237 itlibrary 2019-03-10T12:51:51Z https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087429#M54238 <HTML><HEAD></HEAD><BODY><P>Yes it should, but it needs to be configured. Have you checked if the logging is still enabled? Can you verify if the ASA is sending IPS traffic to the AIP? please refer to below link for configuring AIP on ASA. </P><P><A href="http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clissm.pdf">http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clissm.pdf</A></P></BODY></HTML> Mon, 07 Jan 2013 10:24:15 GMT https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087429#M54238 Rudy Sanjoko 2013-01-07T10:24:15Z https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087430#M54240 <HTML><HEAD></HEAD><BODY><P>Where do I check to see if logging is still enabled?</P><P></P><P>I've enabled rule 2000 and 2004 for ICMP and I do see ICMP Echo Request and ICMP Echo Reply in IME Event View when I ping google.com from the inside.&nbsp; When I run NeXpsoe scanner against the firewall from inside and outside, there are no events displayed.</P></BODY></HTML> Mon, 07 Jan 2013 13:43:05 GMT https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087430#M54240 itlibrary 2013-01-07T13:43:05Z https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087431#M54242 <HTML><HEAD></HEAD><BODY><P>If you are saying that you can see ICMP traffic but no event being generated from nmap, that makes me think that perhaps your IPS has been tuned to ignores the alerts from the nexpose in your network, I'm not so sure how you configured it but here is on how to tuning it, please verify if you have deployed and configured it correctly, also check your ips policies and signature file,</P><P><A href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/overview_c17-464691_ps6120_Products_White_Paper.html" rel="nofollow">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/overview_c17-464691_ps6120_Products_White_Paper.html</A></P></BODY></HTML> Mon, 07 Jan 2013 14:21:48 GMT https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087431#M54242 Rudy Sanjoko 2013-01-07T14:21:48Z https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087432#M54244 <HTML><HEAD></HEAD><BODY><P>Ping Firewall produces no events</P><P>Ping Google.com produces ICMP events</P><P>No specific Policy or rule for NeXpose scanner or it's IP address.</P><P>Logging is enabled</P></BODY></HTML> Mon, 07 Jan 2013 15:44:14 GMT https://community.cisco.com/t5/network-security/ssm-aip-function/m-p/2087432#M54244 itlibrary 2013-01-07T15:44:14Z