Hi,
I have been on and off this project for a month but hopefully will have the next week or two to focus on it.
I have a Cisco ASA 5512X and I'm trying to get the IPS working.
Looking on Google and the Cisco forums, it says you need a management interface. We do not use the management interface; we just have the LAN port of the ASA plugged directly into our LAN switch.
A few questions I need clearing up:
1. Do I need to use the management interface? If I do, do I need to route it to my internal LAN, as we only plug into a switch, not a layer 3 device to do any routing?
2. Can I not just use my inside interface?
3. When the above is complete, do I need to use the MPF to route all traffic to the IPS? If so, can I use an ACL any any on the outside interface?
I want to check traffic coming from the internet to my LAN.
I have looked at http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html and still cannot get it working. The way I have tested is by enabling all the signatures based on ICMP/ping sweep. When I test from the outside, I look at the IPS logs and get nothing.
Any help on this would be great.