10-17-2018 10:03 PM - edited 02-21-2020 08:22 AM
Hi can you help me w/ the following?
10-18-2018 07:18 PM
If you connected it to Eth0/2 you would also need to fully configure that interface and associated security policies to allow communications.
It would be better to plug it into a switch and VLAN that's common with the ASA inside interface. Your ASDM needs to communicate with the IP addresses of both the ASA and SSM.
By the way that ASA and module are well past end of support. Is there something you are trying to do with it in particular?
10-19-2018 11:27 AM
Either way IPS will act the same.
If you use a firewall interface to connect the SSM management, then it must have more configuration associated with it as generally speaking firewalls don't pass traffic between all interfaces by default.
10-19-2018 08:06 PM
Either way can be made to work. Using a switch is less effort to make that happen.
Since your switch has a default configuration, all ports are on the same VLAN (VLAN 1). So you can plug in your PC, the ASA inside interface and the SSM management interface to three switch ports and then use ASDM. It should be able to see the IPS module then.
I repeat however that the SSM is a very old product. It is no longer supported and you will not be able to get updates for it. Fewer and fewer people will be able to help you with it, it's not relevant for current certifications and it provides minimal protection against modern threats.
10-20-2018 06:30 AM
Change the IPS address to be on the same 10.1.1.0/24 subnet as your ASA inside address.
Make your PC yet another address on that subnet.
All three are on the same VLAN so they must be on the same subnet to communicate.
10-21-2018 02:09 AM
Your ASA already has address 10.1.1.2 /24 assigned to Eth0/1.
Set your SSM IPS address to 10.1.1.3 /24 with gateway as the ASA 10.1.1.2 address. Confirm it from the ASA with "show module ips detail" command.
Set your PC to 10.1.1.4/24.
Plug them all (ASA eth0/1, SSM Eth and PC wired Ethernet adapter) into your switch.
Launch ASDM from the PC and direct it to 10.1.1.2. The ASA should tell ASDM to pull the IDS details from 10.1.1.3. Then it should populate the IDS menus.
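The addressing from the reply above, as an added example that is not part of the original thread: the module's management address is set from the IPS CLI, reached from the ASA with `session 1`. It assumes the SSM sits in slot 1 and runs Cisco IPS software with the standard `service host` configuration mode; the prompts are the default hostnames, and the `access-list` line (the sensor's list of hosts allowed to manage it) is an assumption added here, since the thread does not mention it.

```text
! Constructed session. Addresses are the ones given in the reply above.
! Assumption: the SSM is in slot 1 and runs Cisco IPS software.

ciscoasa# session 1
! log in with the sensor's own credentials

sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings

! host-ip takes address/prefix,default-gateway:
! SSM management = 10.1.1.3/24, gateway = ASA inside address 10.1.1.2
sensor(config-hos-net)# host-ip 10.1.1.3/24,10.1.1.2

! Assumption (not stated in the thread): permit the management subnet,
! so the ASDM PC at 10.1.1.4 is allowed to connect to the sensor
sensor(config-hos-net)# access-list 10.1.1.0/24

sensor(config-hos-net)# exit
sensor(config-hos)# exit
Apply Changes?[yes]: yes
sensor(config)# exit

! Check from the PC (10.1.1.4/24), with all three devices on VLAN 1:
!   ping 10.1.1.2   -> ASA inside interface
!   ping 10.1.1.3   -> SSM management interface
```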
10-17-2018 11:43 PM
I can access it over CLI, not from within ASDM. That wouldn't be a problem. The real problem is I don't know how to configure it.
10-18-2018 06:14 PM
I can't access it from ASDM within the tabs inside the app. What is wrong? Can someone please help? And what is the eth port used for?
10-18-2018 06:33 PM
I connected the eth port of the SSM10 to the Ethernet0/2 of the ASA 5510 and now it shows the interface is up. I gave IPs but still can't access it through ASDM.
10-18-2018 09:42 PM
Hi!
Thanks for the information. It was valuable. No, I don't want to do something special. Just to set the intrusion detection system.
10-19-2018 12:31 AM
What features will I have if connected to my Cisco Catalyst, and which on the ASA5510 eth0/2?
10-19-2018 06:05 PM
Either way I will be able to use ASDM for the SSM10? Or must it be connected only on the ASA5510 interface?
10-19-2018 06:41 PM
Here's the conf of my cisco catalyst 2950series enterprise.
10-19-2018 10:00 PM
Ok! Thank you!
10-19-2018 10:08 PM
That's how I have them connected. But I don't know what IPs to use to access SSM from within ASDM.
10-19-2018 10:40 PM
VLAN1 is up, also all interfaces. But I never set up IPs. The inside is 10.x.x.x/24 and outside is 192.168.x.x on my ASA5510.
10-20-2018 02:41 AM
I did what you told me but I still can't access it from within asdm.