Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
4
Helpful
4
Replies

ASA 5540 Firewall

Sw33tpea1
Level 1
Level 1

‎11-24-2008 10:42 AM - edited ‎03-11-2019 07:17 AM

Does the 5540 without the AIP-SSM module have a Fail-Close option?

Labels:
0 Helpful
4 Replies 4

ajagadee
Cisco Employee
Cisco Employee

‎11-24-2008 10:57 AM

Hi,

Yes. Please refer the below URL for configuration details:

"ips promiscuous fail-close"

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i3_72.html#wp1733789

Regards,

Arul

*Pls rate if it helps*

0 Helpful

Sw33tpea1
Level 1
Level 1
In response to ajagadee

‎11-24-2008 11:32 AM

Arul, thanks, but, this still refers to the AIP SSM Module. I do not have one in my system. Does this still applies?

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to Sw33tpea1

‎11-24-2008 11:59 AM

Hi,

One of these days, I need to get my glasses :-)

My understanding is, the above commands apply only if you have a SSM in the chassis. The reason being, you don't want the ASA to drop traffic if the SSM Fails.

But, if you are doing IPS on the ASA itself, meaning no SSM, I dont think you have an option of fail close.

Regards,

Arul

Sw33tpea1
Level 1
Level 1
In response to ajagadee

‎11-24-2008 12:39 PM

Arul,

Thanks I thought that was the case.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card