11-11-2013 04:35 AM - edited 03-11-2019 08:03 PM
I have a query on ASA-5525-IPS which is a software only module.
a) Can I configure both ASA & IPS with ASDM?
b) Can I configure both ASA and IPS with single IP address instead of a separate IP for ASA/IPS management?
11-11-2013 11:24 AM
a) While I believe you can configure the IPS side using ASDM, you will get better results using something like IME or CSM.
b) No, you will need separate IP address for the ASA and the IPS. Furthermore, the IPS will have to use the management interface; you can manage the ASA over any interface.
-- Jim Leinweber, WI State Lab of Hygiene
11-11-2013 11:42 PM
ASA-5525-IPS is a software only module & no physical management interface. So can I use the same mgmt interface from ASA for both ASA/IPS with a single IP address?
11-12-2013 09:25 AM
You have to use the management interface for the IPS. You may also simultaneously use the management interface for the ASA. However, you will need an external router, as the interface has to be set for management-only for the IPS, which prevents passing traffic through the firewall to it directly. E.g. the management interface for the ASA could be 192.168.10.10/24 and the IPS could be configured with 192.168.10.11/24. The default router for 192.168.10.0/24 would have to be some other device.
Due to lack of routers in my environment, I'm managing my ASA devices through non-management interfaces, and having the IPS address share a subnet with a different ASA interface.
-- Jim Leinweber, WI State Lab of Hygiene
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide