cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1648
Views
6
Helpful
3
Replies

ASA IPS IDS module suggetion

Haris P
Level 4
Level 4

Dear All ,

I have 2 ASA firewalls (ASA 5510 Security Plus license.) running in Active/Standby mode and I wanted to add IPS /IDS module on the existing one

Which part number will be needed ?  ASA-SSM-AIP-10-K9 will do the job ? or security plus needed ?

What kind of reports this will generate ? Whether i can push the report to a syslog server ?

Please answer me as it is urgent . i will rate the useful comments

Regards

Haris P

3 Replies 3

rhermes
Level 7
Level 7

Haris -

for the ASA5510 you only have a few options, the

ASA-SSM-AIP-10-K9  will work fine unless you need more thruput (the sensor throuput is  less than the host ASA) then you should go to a AIP-SSM 20. (part numbers in here)

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

Security Plus is a ASA firewall feature set, and has nothing to do with the IPS functionality. You will be purchasing an annual license for the IPS sensor, that will give you the full functionality of the unit.

Reports can be created off the management platform. If your customer has 5 or less IPS sensors, they can use the free IME.

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps5729/ps5715/ps9610/data_sheet_c78-459033.html

You can't generate syslog from the IPS sensors. You can use the native SDEE to send events to IME or anything else that can process SDEE feeds. Alternately you can option each signature to generate an SMP trap (but that is more work).

- Bob

Dear Bob,

thanks for the reply .

The ASA existing with me is ASA 5510 and as per below doc AIP-SSM 20 not supported on that

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

Another thing the link send by you are not accessible . It is saying Forbidden File or Application . Could you please send the part numebrs as reply to this .What I need is a IDS/IPS for my existing 5510 with 1 year subscription +  logging for this reports

regards

Haris P

Here's the part number for the IPA-SSM10:

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 10 (AIP-SSM-10)

ASA-SSM-AIP-10-K9=

I don;t know what the smartnet contract part number is, but you should be able to find that in the price search tool.

You can download IME from teh same download location as teh rest of the sensor software. It's free for manageming up to 5 sensors.

- Bob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card