Solved: Cisco 5515-X IPS/CX modules installed

juan-ruiz · ‎01-23-2015

I came across a Cisco ASA 5515-X 9.1 code running two modules a Cisco IPS without a software image and a Cisco CX not configured with 9.1.

Do I need to configure the CX for anything or can I just download the IPS software module code and install it and be off and running configuring the IPS module as normal?

Since this ASA is running the software IPS which is the correct software to use on this ASA?

Can someone please provide me a link?

Thanks,

JC

Marvin Rhoads · ‎01-23-2015

There are three different types of IPS that can run on an ASA 5515-X. Only one can run at a time and each requires a subscription license for current coverage.

1. Classic Cisco IPS. This is approaching End of Sales (link) and requires your Smartnet coverage for the ASA be current with the IPS service attached.

2. IPS as one of the three licenses available on CX. (The other two are Web Security Essentials (WSE) and Application Visibility and Control (AVC).) This was the interim product introduced prior to option 3 below being available. End of Sales has not been announced; but it is not being actively developed or enhanced.

3. IPS as one of the licenses available with FirePOWER Services ("sfr" or Sourcefire module). Requires ASA 9.2(2.4) or later and also a separate management application (VM or appliance) called Firesight Management Center. This is the strategic long term product and offers the best security protection.

View solution in original post

Marvin Rhoads · ‎01-23-2015

There are three different types of IPS that can run on an ASA 5515-X. Only one can run at a time and each requires a subscription license for current coverage.

1. Classic Cisco IPS. This is approaching End of Sales (link) and requires your Smartnet coverage for the ASA be current with the IPS service attached.

2. IPS as one of the three licenses available on CX. (The other two are Web Security Essentials (WSE) and Application Visibility and Control (AVC).) This was the interim product introduced prior to option 3 below being available. End of Sales has not been announced; but it is not being actively developed or enhanced.

3. IPS as one of the licenses available with FirePOWER Services ("sfr" or Sourcefire module). Requires ASA 9.2(2.4) or later and also a separate management application (VM or appliance) called Firesight Management Center. This is the strategic long term product and offers the best security protection.

juan-ruiz · ‎01-23-2015

Thank you for the quick reply and I believe I fall in option 2 as I see the CX module with 9.1 and I can console into it but the IPS module does not have an image installed and I can't console into it.

Do you have any links that you can provide me on how to setup the IPS using option 2?

Thanks again and regards,

JC

Marvin Rhoads · ‎01-23-2015

You're welcome.

Before you go too far down that path make sure you have the IPS license for the CX module. without that, you will not be able to turn on the IPS feature even if you try to set it up. Check your order for this item as it is a required and separate license sold as a 1-, 3-, or 5-year service.

If you never bought the IPS license, you would probably be better served by just going forward with the FirePOWER service.

That said, there is a quick start guide for the CX module here.

Basically you do some ASDM- or CLI-based setup and then switch over to the browser-based management GUI dedicated for it, known as Prime Security Manager (PRSM).