ASA 5520 IPS with ASA 5540

aryarahul · ‎05-27-2012

Hi,

I have an ASA 5540 F/W and a ASA 5520 IPS with AIP-SSM 20.

Rite now ASA 5540 is conected with the internet Router on the outside interface , there is an inside zone and a DMZ zone as well.

My Question is where shud i put IPS?

1_ Between the internet router and the ASA 5540

2_ or in the inside zone ?

If i were to put it in between the outside zone i.e between ASA 5540 Outside and the internet router then do i require separate WAN ips for the inside and outside of IPS ?? currently as required ASA 5540 outside has been configured a WAN ip

Please help

sawgupta · ‎05-27-2012

It depends on your requirement. However configuration should be like "Internet Router <--> ASA 5540 <--> IPS"

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

aryarahul · ‎05-28-2012

Thanks for the reply ..

so if i were to put it as Internet Router -- ASA 5540 --ASA 5520 (IPS) then shud IPS be put in the DMZ zone ??or the Inside zone ..i guess it shud b in the DMZ zone ...in that case it will be assigned a LAN ip on both interfaces.?

aryarahul · ‎05-30-2012

anybdy ??

Todd Pula · ‎06-01-2012

I am not sure I understand your requirement for the second ASA. You could just install the SSM-20 into the 5540 and choose to inspect traffic either globally (all interfaces) or on a subset of interfaces.

m-mostafa · ‎04-01-2013

hi please i want to ask a question about the ASA IPS Password

i lost my ASA IPS PASSWORD what to do?

jocamare · ‎04-01-2013

Try this command from the ASA's CLI.

"hw-module module 1 password-reset"

m-mostafa · ‎04-14-2013

thanks for your reply

but what about the existing configuration or this command will not effect the configuration

aryarahul · ‎04-14-2013

if IPS is to be installed along with a separate ASA then what shud be the architecture

i have 2 ASA 5540 configured as Cluster and a Separate ASA IPS 5520

where shud i put the ASA 5520 ???