Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
3
Replies

Cisco ASA 5510 with ASA SSM-20

ammar-ibrahim
Level 1
Level 1

‎01-27-2017 07:22 AM - edited ‎03-12-2019 01:50 AM

Hi,

I have Cisco ASA 5510 with Cisco ASA AIP SSM-20

When I configuration the Sensor with setup command. I cant get ping to IPS?

This is my configuration 

sensor# sh configuration
! ------------------------------
! Current configuration last modified Fri Jan 27 06:06:00 2017
! ------------------------------
! Version 6.0(6)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S480.0 2010-03-24
! ------------------------------
service interface
exit
! ------------------------------
service authentication
exit
! ------------------------------
service event-action-rules rules0
exit
! ------------------------------
service host
network-settings
host-ip 192.168.1.2/24,192.168.1.1
host-name sensor
telnet-option disabled
access-list 192.168.1.0/24
exit
time-zone-settings
offset 0
standard-time-zone-name UTC
exit
exit
! ------------------------------
service logger
exit
! ------------------------------
service network-access
exit
! ------------------------------
service notification
exit
! ------------------------------
service signature-definition sig0
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
service web-server
exit
! ------------------------------
service anomaly-detection ad0
exit
! ------------------------------
service external-product-interface
exit
! ------------------------------
service analysis-engine
exit

Labels:
0 Helpful
3 Replies 3

Ajay Saini
Level 7
Level 7

‎01-27-2017 09:38 AM

A few questions:

- where is the IPS management interface connected. It should be connected on the same switch where ASA inside interface(192.168.1.x) is connected.

-and what is the source ip address of the host where you are trying to ping from.

-

AJ

0 Helpful

ammar-ibrahim
Level 1
Level 1

‎01-27-2017 12:29 PM

Hi,

I connected on mgmt port and I have ping to ASA Firewall and I can open ASDM.

I can get ping to ASA Firewall 192.168.1.1

My computer 192.168.1.100

IPS (SSM-20) 192.168.1.2 

0 Helpful

Ajay Saini
Level 7
Level 7

‎01-27-2017 01:06 PM

ok, try this. I am guessing that you have your machine 192.168.1.100 connected directly to ASA management interface. That won't work since there is a separate management interface at the back of IPS module. Assign your machine an ip address of 192.168.1.1 and connect to IPS management interface and try to ping. That should work.

What we need here is to connect a cable from ips management interface to the same switch where you would or you have connected to ASA inside interface.

HTH

-AJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card