Configuring ASA 5510 w/ SSM-10 in transparent mode

Hello everyone.

I'm trying to configure an ASA5510 w/ SSM-10 to run in transparent mode and be able to manage it remotely. This setup is due to the client's environment. I'm familiar with 5505's, but this is the first time with a dedicated management port and a dedicated IPS Ethernet port.

A few questions:

- Can I access both the FW and IPS through the dedicated management port via SSH and ASDM/IDM?

- Can I assign the management port an external IP address and establish an L2L VPN tunnel for remote management, and tunnel syslog and IPS logs through it?

- Would I be able to route syslog and IPS events through the management port to a remote event collector?

- Cabling clarification: internal switch connected to the ASA's management interface and to the IPS' management interface.

Thanks in advance.

2 REPLIES
Participant

Hello,

1. Yes, you can have SSH and ASDM/IDM access through the management port.

2. You cannot terminate VPN on the ASA while in transparent mode.

3. Yes, you can use the management port to pull syslogs.

4. Your cabling looks correct.

Regards,

Felipe.

Enthusiast

Can I access both the FW and IPS through the dedicated management port via SSH and ASDM/IDM?

Sorta. You can SSH to the ASA and from there establish a backplane connection to the module.

Can I assign the management port an external IP address and establish an L2L VPN tunnel for remote management, and tunnel syslog and IPS logs through it?

Would I be able to route syslog and IPS events through the management port to a remote event collector?

Yes, but you can't do the IPS part though.

The IPS is an independent unit and will use its own management interface to send logs; the only way you can do this is to log into the ASA, then into the IPS, and get the logs you are looking for.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html#wp1198794

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html#wp1214750

Cabling clarification: internal switch connected to the ASA's management interface and to the IPS' management interface.

This is OK. If you want the units to communicate, make sure they are part of the same VLAN.