ASA 5515-X vlan and IPS configuration

memonet1red · ‎10-11-2012

Hi, i need to configure a new ASA 5515-X with a 3 trunk port for vlans that become from switch, but i need turn on IPS in in-line mode, somebody has an example and limitations for this configuration type? thanks and regards

Julio Carvajal · ‎10-27-2012

Hello Guillermo,

Here is a documment regarding the IPS setup and how to manage it

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml

Let us know if you have any other question,if not mark it as answered

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

memonet1red · ‎10-31-2012

Hi, I need to know "how-to" configure in asa 5515-x inspection in different vlans, its very important this information for a close a deal with a custom, the scenario is:

WAN -- layer 3 switch -- asa 5515-x -- switch with servers

flow is...from layer 3 receive a different physical networks and connect to trunk port in the asa, after that asa routed and send traffic to interface trunk to switch layer 3 for distribuited traffic to the servers

i need to configure IPS prevention for only permit traffic valid with target server specific

please help

thanks and regards

Julio Carvajal · ‎10-31-2012

Hello Guillermo,

Okay so from the ASA perspective you need to send the traffic to the IPS module using the MPF.

You match the traffic using an ACL!

http://www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/cli/cli_asa_ips.pdf

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC