Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
596
Views
0
Helpful
3
Replies

ASA5510 with AIP-SSM deployment question

a.pawar
Level 1
Level 1

‎09-23-2006 01:58 PM - edited ‎03-10-2019 03:14 AM

Hi

I am slightly confused about this kit. We just want to implement ASA 5510 as IDS at the moment ;doing no more than just watching Traffic from one Vlan. My questions are

1) I have configured it in Promis. mode. I have configured Port Span on the switch with source as vlan 168 and destination as Gig 0/1 on the ASA box.

-->Can I use just this interface to sense the traffic with No Inside or outside interface defined.?

2)I have configured Service Policy through ADSM and assigned Gig 0/1 to Virtual sensor

---> It just shows Gig 0/1 under VS0 why is that ? does this mean I can use only one interface for Promis. mode?

3)The Live Monitoring in GUI was showing absolutely no traffic on Gig 0/1. The Span was ok but not sure why this didn't get any traffic.

when I connected a machine directly to gig 0/1 and did a packet capture I could see packets there.

Am I missing anyhting here??? ANy help on this will be greatly appreciated.

Regards,

Atul

Labels:
0 Helpful
3 Replies 3

jshelmer
Level 1
Level 1

‎09-25-2006 06:22 AM

Atul-

Check out my previous post which steps through how to get the IPS module working inside an ASA appliance.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1ddbdb7d/0#selected_message

This should help you get it working properly. Please remember to rate helpful posts. Thanks!

-Jon

0 Helpful

a.pawar
Level 1
Level 1
In response to jshelmer

‎09-25-2006 07:25 AM

Hi Jon

Thanks for your reply. I have seen your previous post and the Links as well. All the examples show configuration with Inside,Outside interface which is different to what I am trying to achieve here. I just want to use Gig 0/1 as sensor receiving Spanned Traffic. Probably the answer is simple but I failed to see any traffic on Gig 0/1 when deployed this way. And yes I has policy directing 'Any Traffic' to it.

Thanks

Atul

0 Helpful

jshelmer
Level 1
Level 1
In response to a.pawar

‎09-25-2006 09:05 AM

I believe in order to get this scenario to work, the ASA will need to be placed inline via Layer 2. I don't believe hanging it off of a SPAN port will work.

I believe this is done by tying two separate VLANs together into a single broadcast domain via the ASA. Once the ASA is inline as such, it should see all of the Layer 2 traffic, and send the appropriate traffic to the IPS via the service-policy. Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card