04-01-2013 11:59 PM - edited 03-10-2019 05:56 AM
I have recently installed and initialized IPS module on ASA 5520 with help of cisco tec-support. But i dont see any traffic on IPS Dashboard. Our previous IPS 4240 shows alot of hits on its Dashboard. Why is this?
04-02-2013 01:46 PM
What version of IDM are you using?
Can you share a screenshot of what you are seeing?
Try to use the latest version of IDM and also try to access the module using a web browser instead of the launcher, in case you are using the launcher.
04-02-2013 09:28 PM
I have attached the file you requested.
The IDM version is 7.1
Cisco IPS Manager Express 7.2.3
Here Below is how i have initalized IPS module and how i have send the traffic to IPS on ASA5520.
access-list outside_ips extended permit ip any any
class-map inspection_default
match default-inspection-traffic
class-map outside-class
match access-list outside_ips
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
class outside-class
ips inline fail-open sensor vs0
!
service-policy global_policy global
I believe with above configuration i will be able to inspect all traffic that is coming from external to DMZ and from DMZ to inside.The dashboard image, which i have attached is been like that for a week now. Before I removed our old IPS 4240, i see lots of traffic/hits on that dashboard (4240). which i believe i should see on this new IPS dashboard aswel. This makes me confuse. I think i doing this wrong.
04-03-2013 11:39 AM
Two things we can try.
Try to "rediscover" the sensor.
Basically go to the device list, delete it and add it back.
If that doesn't work, try to reload the server that has the IME software.
04-03-2013 12:56 PM
Hello,
Something else you can check is the backplane interface, soemtimes the backplane interface is not enabled and the IPS does not process/inspect any data.
You can check the backplane inteface by going to configuration > policies > right click on the vs0 or vs1 and "check" the interface if it is uncheck.
Below you can see an example:
Hope it helps.
Regards,
Juan Lombana
Please rate helpful posts.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: