AIP-SSM inline mode Question

mohamed_makled — Sun, 10 Mar 2019 11:14:15 GMT

Dear all

i have an ASA 5520 with ips module . i installed it since 3 weeks. For the ips module , it is installed in inline mode.

Till now i didnot see any events appeared on the sensor.i configured it to scan http traffic from any source to the inside LAN subnet (10.1.0.0/16)

can i know that if the sensor is working properly or not?? and how ???

The following is the configuration on the ASA:

access-list outside_mpc extended permit tcp any 10.1.0.0 255.255.0.0 eq www

class-map outside-class

match access-list outside_mpc

policy-map outside-policy1

class outside-class

ips inline fail-open sensor vs0

service-policy outside-policy1 interface outside.

please find the attached file for ips config.

Thanks

Re: AIP-SSM inline mode Question

rhermes — Wed, 06 Aug 2008 14:58:31 GMT

Your config looks very similar to my working ASA confis. The only exception is your virtual sensor entries in the ASA and the IPS. If you don't need them they can be left out.

Assuming your config is correct, you can try opening up your access list to more traffic and see if you get events. You can turn on signature 2004 for ICMP echo replies if you want to stimulate some events for yourself.

topic Re: AIP-SSM inline mode Question in Network Security

AIP-SSM inline mode Question

Re: AIP-SSM inline mode Question