Contributor

AIP-SSM Int gig0/0

Looking for an explanation of the gig0/0 interface in the AIP-SSM-20. The ASA runs 8.2 and the IPS runs 6.2.

The documentation I'm reading doesn't mention it at all. I want a management interface separate from the default connection between the ASA and the IPS module.

1 ACCEPTED SOLUTION

Beginner

Re: AIP-SSM Int gig0/0

M0/0 is the only interface you would configure IP address on. That would be used for the management traffic.

You do not configure any IP on G0/0 or G0/1 as the traffic that is to be inspected flows from the ASA to the module internally. You just define the policy-map on ASA to identify the traffic that flows to the module for inspection.

Check this link for details:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml


12 REPLIES
Beginner

Re: AIP-SSM Int gig0/0

Contributor

Re: AIP-SSM Int gig0/0

Thanks for the reply.

This is for an AIP-SSM-20.

The Management interface for the module has what designation, gig0/0?

This IP address is different from the backplane default being used by the module to communicate with the ASA, correct?

The management interface is accessed via a physical port on the module itself, correct?

This same physical interface on the module is the reporting IP address being used when adding the sensor to MARS, correct?

Beginner

Re: AIP-SSM Int gig0/0

GigabitEthernet0/1

Yes, the IP address is different. The physical port G0/1 is only used for management. The IP on the G0/1 of the module may be in the same subnet as the management interface of the ASA. Also, you need to define a default gateway for the module. Whatever IP you configure for G0/1 would be used by MARS.

Contributor

Re: AIP-SSM Int gig0/0

Hi Tanveer,

Thanks for the detailed response.

I believe that I was confusing the different modules.

Here is one last question from the setup command and the advanced configuration:

Management0/0 and gigabit 0/1 are given different IP addresses, correct? We want to use the same management VLAN used by all networking devices. Does the gig0/1 have a different IP, and is it the interface which connects to the ASA over the backplane?

Modify interface/virtual sensor configuration?[no]: yes

Current interface configuration

Command control: Management0/0

Unassigned:

Monitored:

GigabitEthernet0/1

Thank you in advance!

Beginner

Re: AIP-SSM Int gig0/0

Hi Tanveer,

This is Yugandhar.

We are also having the same confusion. If we assign a management IP to the Cisco ASA and IPS, what will be the gateway? Because we are using a different network in the LAN, correct? We have a VLAN and DMZ environment. Can you please explain clearly about the physical connection? Because we configured the ASA and AIP-SSM-20 but we are not able to see any traffic. Please help me on this.

Please find the attached sensor configuration also.

Regards,

Yugandhar. M

Beginner

Re: AIP-SSM Int gig0/0

Hi Tanveer,

We did not configure any management IP on the Management interface.

Regards,

Yugandhar. M

Beginner

Re: AIP-SSM Int gig0/0

Hi Tanveer,

We did not configure any management IP on the Management interface on the Cisco ASA 5510.

Regards,

Yugandhar. M

Beginner

Re: AIP-SSM Int gig0/0

The traffic that the ASA forwards to the AIP-SSM module for inspection is sent internally and does not use the management interface. The management interface is only to monitor/manage the module.

Beginner

Re: AIP-SSM Int gig0/0

Thank you, Tanveer.

I connected the Management interface to my local LAN to access the sensor and assigned the sensor IP address as 192.168.1.87/24, and I am accessing the AIP-SSM through ASDM using this IP only, but I am able to send the traffic to the AIP-SSM.

One more question, Tanveer. I am able to send the traffic to the AIP-SSM because of the service policy written in the ASA. Then I tried to block Yahoo HTTP-Proxy chat by using an IPS signature. It is showing a denied message in the event viewer but it is not blocking. Please help me on this. Please find the attached screenshot also.

Regards,

Yugandhar. M

Beginner

Re: AIP-SSM Int gig0/0

Once you identify the signature and its ID number, you will need to Edit the signature and choose the drop action. The default action may be to produce alert only.
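
Added example, not part of any post in this thread: the accepted solution says the ASA policy-map alone decides which traffic reaches the module, so this sketch audits a saved ASA running-config for `ips` actions and whether their policy-map is actually applied. The sample config is constructed, and the function names `audit_ips_redirection` and `notes` are hypothetical.

```python
import re

# Constructed ASA 8.x running-config fragment (sample input, not from the thread).
SAMPLE_CONFIG = """\
class-map ips_class
 match any
policy-map global_policy
 class inspection_default
  inspect dns
 class ips_class
  ips promiscuous fail-open
policy-map dmz_policy
 class ips_class
  ips inline fail-close
service-policy global_policy global
"""

def audit_ips_redirection(config):
    """Return one finding per 'ips' action configured under a policy-map class."""
    # policy-map name -> where a service-policy binds it ("global" or "interface X")
    applied = dict(re.findall(r"^service-policy (\S+) (global|interface \S+)", config, re.M))
    findings, policy, cls = [], None, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():  # a top-level command starts a new block
            policy = words[1] if words[0] == "policy-map" and len(words) > 1 else None
            cls = None
        elif policy and words[0] == "class" and len(words) > 1:
            cls = words[1]
        elif policy and cls and words[0] == "ips" and len(words) >= 3:
            findings.append({"policy": policy, "class": cls, "mode": words[1],
                             "fail": words[2], "applied": applied.get(policy)})
    return findings

def notes(finding):
    """Operational remarks a reviewer would attach to a finding."""
    out = []
    if finding["applied"] is None:
        out.append("policy-map is not bound by a service-policy: no traffic reaches the module")
    if finding["mode"] == "promiscuous":
        out.append("module inspects a copy of the traffic and cannot drop packets inline")
    return out

if __name__ == "__main__":
    for f in audit_ips_redirection(SAMPLE_CONFIG):
        print(f, notes(f))
```

None of this involves an IP address on the sensing interface; the management address on the module only affects how the sensor is reached for administration.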