I've never worked with a

Travis Marzo · ‎10-23-2015

I have a spare 5506w that I am looking to use as an IDS sensor in my environment. We already own a SourceFire license for this box. What I'm looking to do is configure a SPAN port on my 5ks, have the 5506 monitor traffic and report back to my defense center. SPAN port is already configured and sending traffic. ASA is not capturing the traffic. Is there a way to configure the ports on the ASA to be promiscuous?

Aastha Bhardwaj · ‎10-23-2015

Hi,

I think the command "traffic-forward sfr monitor-only" will help.

Refer the link : http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/t2.html#pgfId-1614309

Regards,

Aastha

Rate if that helps!!!

Marvin Rhoads · ‎10-24-2015

In additions to the command Aastha mentioned, the ASA has to be in transparent mode for that command to be available. The default mode is routed.

Remember - switching modes will erase the current configuration on the ASA! So make sure you have a backup if the current configuration is important to you.

Travis Marzo · ‎10-27-2015

I've never worked with a transparent firewall before. How am I to manage it remotely? I was able to assign an IP address to the management port but unable to ping. I am sitting on the same subnet. I haven't been able to find any articles to point me in the right direction....

Thank you for all the help so far.

Aastha Bhardwaj · ‎10-27-2015

Hi,

You can go through doc : http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/97853-Transparent-firewall.html

Regards,

Aastha Bhardwaj

Rate if it helps!!!

AA 5506 as a IDS