Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1550
Views
6
Helpful
3
Replies

ASA IPS IDS module suggetion

Haris P
Enthusiast
Enthusiast

‎01-17-2012 12:47 AM - edited ‎03-10-2019 05:35 AM

Dear All ,

I have 2 ASA firewalls (ASA 5510 Security Plus license.) running in Active/Standby mode and I wanted to add IPS /IDS module on the existing one

Which part number will be needed ?  ASA-SSM-AIP-10-K9 will do the job ? or security plus needed ?

What kind of reports this will generate ? Whether i can push the report to a syslog server ?

Please answer me as it is urgent . i will rate the useful comments

Regards

Haris P

Labels:
0 Helpful
3 Replies 3

rhermes
Rising star
Rising star

‎01-17-2012 02:43 PM

Haris -

for the ASA5510 you only have a few options, the

ASA-SSM-AIP-10-K9  will work fine unless you need more thruput (the sensor throuput is  less than the host ASA) then you should go to a AIP-SSM 20. (part numbers in here)

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

Security Plus is a ASA firewall feature set, and has nothing to do with the IPS functionality. You will be purchasing an annual license for the IPS sensor, that will give you the full functionality of the unit.

Reports can be created off the management platform. If your customer has 5 or less IPS sensors, they can use the free IME.

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps5729/ps5715/ps9610/data_sheet_c78-459033.html

You can't generate syslog from the IPS sensors. You can use the native SDEE to send events to IME or anything else that can process SDEE feeds. Alternately you can option each signature to generate an SMP trap (but that is more work).

- Bob

Haris P
Enthusiast
Enthusiast
In response to rhermes

‎01-17-2012 09:43 PM

Dear Bob,

thanks for the reply .

The ASA existing with me is ASA 5510 and as per below doc AIP-SSM 20 not supported on that

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

Another thing the link send by you are not accessible . It is saying Forbidden File or Application . Could you please send the part numebrs as reply to this .What I need is a IDS/IPS for my existing 5510 with 1 year subscription +  logging for this reports

regards

Haris P

0 Helpful

rhermes
Rising star
Rising star
In response to Haris P

‎01-18-2012 08:40 AM

Here's the part number for the IPA-SSM10:

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 10 (AIP-SSM-10)

ASA-SSM-AIP-10-K9=

I don;t know what the smartnet contract part number is, but you should be able to find that in the price search tool.

You can download IME from teh same download location as teh rest of the sensor software. It's free for manageming up to 5 sensors.

- Bob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents