cisco asa 5545 IPS configuration

Salomao Mambo

Hi,

 

We have upgraded our Cisco IPS from a Cisco ASA 5520 (with an SSM-20 module) to a Cisco ASA 5545. I have done the configuration the same way as on the 5520, but traffic is not passing through the IPS.

 

We have two contexts, Internet and MPLS; in both of them traffic is not being passed to the IPS. Below I have included the configuration for the firewall as well as for the IPS. Kindly help me troubleshoot.

 

cisco 5520 configuration

===================

 

 

sh run
: Saved
:
ASA Version 8.2(5) <system>
!
firewall transparent
hostname MZSW-MCNET-IPSFW01
enable password 8Ry2YjIyt7RRXU24 encrypted
mac-address auto
!
interface GigabitEthernet0/0
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface Management0/0
!
class default
  limit-resource All 0
  limit-resource Mac-addresses 65535
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5
!

ftp mode passive
pager lines 24
no failover
no asdm history enable
arp timeout 14400
console timeout 0

admin-context Admin
context Admin
  allocate-interface Management0/0 Management
  config-url disk0:/Admin.cfg
!

context MPLS
  allocate-interface GigabitEthernet0/2 MPLS_Outside
  allocate-interface GigabitEthernet0/3 MPLS_Inside
  config-url disk0:/MPLS.cfg
!

context Internet
  allocate-interface GigabitEthernet0/0 Internet_Outside
  allocate-interface GigabitEthernet0/1 Internet_Inside
  config-url disk0:/Internet.cfg
!

username AdminIPS password MXKXXI0JWMggTNSr encrypted privilege 15
username btn_full password NnkgyH81H61X7yvq encrypted privilege 15
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:42b28bd3d2c8dd948b7cdfab336ff8c4
: end

MZSW-MCNET-IPSFW01#

MZSW-MCNET-IPSFW01# chq 

MZSW-MCNET-IPSFW01# changeto co

MZSW-MCNET-IPSFW01# changeto context Admin

MZSW-MCNET-IPSFW01/Admin#

MZSW-MCNET-IPSFW01/Admin#

MZSW-MCNET-IPSFW01/Admin#

MZSW-MCNET-IPSFW01/Admin# sh run
: Saved
:
ASA Version 8.2(5) <context>
!
firewall transparent
hostname Admin
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Management
 nameif Management
 security-level 100
 ip address 10.0.14.53 255.255.255.128
 management-only
!
pager lines 24
mtu Management 1500
no ip address
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route Management 0.0.0.0 0.0.0.0 10.0.14.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Management
snmp-server host Management 10.0.1.54 community ***** version 2c udp-port 161
no snmp-server location
no snmp-server contact
telnet 0.0.0.0 0.0.0.0 Management
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Management
ssh timeout 5
no threat-detection statistics tcp-intercept
username AdminIPS password MXKXXI0JWMggTNSr encrypted privilege 15
username btn_full password NnkgyH81H61X7yvq encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:c8fd705f3ddfd30fe36e755656b89027
: end

MZSW-MCNET-IPSFW01/Admin# cha

MZSW-MCNET-IPSFW01/Admin# changeto co

MZSW-MCNET-IPSFW01/Admin# changeto context Internet

MZSW-MCNET-IPSFW01/Internet# sh run
: Saved
:
ASA Version 8.2(5) <context>
!
firewall transparent
hostname Internet
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Internet_Outside
 nameif Internet_Outside
 security-level 0
!
interface Internet_Inside
 nameif Internet_Inside
 security-level 100
!
access-list IPS remark Interesting Traffic to IPS
access-list IPS extended permit ip any any
access-list Internet_Out remark Allow All Traffic to Internet
access-list Internet_Out extended permit ip any any
access-list Internet_In remark Allow All Traffic to Internet
access-list Internet_In extended permit ip any any
pager lines 24
mtu Internet_Outside 1500
mtu Internet_Inside 1500
ip address 196.11.135.11 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group Internet_Out in interface Internet_Outside
access-group Internet_In in interface Internet_Inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
no threat-detection statistics tcp-intercept
!
class-map IPS
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
 class IPS
  ips promiscuous fail-open
!
service-policy global_policy global
Cryptochecksum:f62097eb278c7247ed58b549ab652c34
: end

MZSW-MCNET-IPSFW01/Internet# ch

MZSW-MCNET-IPSFW01/Internet# changeto co

MZSW-MCNET-IPSFW01/Internet# changeto context MPLS

MZSW-MCNET-IPSFW01/MPLS#

MZSW-MCNET-IPSFW01/MPLS#

MZSW-MCNET-IPSFW01/MPLS# sh run
: Saved
:
ASA Version 8.2(5) <context>
!
firewall transparent
hostname MPLS
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface MPLS_Outside
 nameif MPLS_Outside
 security-level 0
!
interface MPLS_Inside
 nameif MPLS_Inside
 security-level 100
!
access-list IPS remark Interesting Traffic to IPS
access-list IPS extended permit ip any any
access-list MPLS_Out remark Permit All Traffic to MPLS
access-list MPLS_Out extended permit ip any any
access-list MPLS_In remark Permit All Traffic to MPLS
access-list MPLS_In extended permit ip any any
pager lines 24
mtu MPLS_Outside 1500
mtu MPLS_Inside 1500
ip address 10.0.99.11 255.255.255.240
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group MPLS_Out in interface MPLS_Outside
access-group MPLS_In in interface MPLS_Inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
no threat-detection statistics tcp-intercept
!
class-map IPS
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
 class IPS
  ips promiscuous fail-open
!
service-policy global_policy global
Cryptochecksum:f34a446d8250da31e6812b00901896b8
: end

MZSW-MCNET-IPSFW01/MPLS#

MZSW-MCNET-IPSFW01/MPLS#

MZSW-MCNET-IPSFW01/MPLS#

MZSW-MCNET-IPSFW01/MPLS# ses

MZSW-MCNET-IPSFW01/MPLS# ses   cha

MZSW-MCNET-IPSFW01/MPLS# changeto sy

MZSW-MCNET-IPSFW01/MPLS# changeto system

MZSW-MCNET-IPSFW01#

MZSW-MCNET-IPSFW01#

MZSW-MCNET-IPSFW01#

 

                                       
! ------------------------------

 

! Current configuration last modified Thu Oct 16 15:48:17 2014

 

! ------------------------------

 

! Version 7.1(8)

 

! Host:                                         

 


!     Realm Keys          key1.0                

 


! Signature Definition:                         

 


!     Signature Update    S842.0   2014-12-17   

 


! ------------------------------

 

service interface

 

bypass-mode auto

 

exit

 

! ------------------------------

 

service authentication

 

exit

 

! ------------------------------

 

service event-action-rules rules0

 

overrides deny-attacker-inline

 

override-item-status Enabled

 

risk-rating-range 90-100

 

exit

 

overrides log-attacker-packets

 

override-item-status Enabled

 

risk-rating-range 90-100

 


--MORE--
        
exit

 

overrides log-victim-packets

 

override-item-status Enabled

 

risk-rating-range 90-100

 

exit

 

overrides log-pair-packets

 

override-item-status Enabled

 

risk-rating-range 90-100

 

exit

 

filters edit IT360

 

attacker-address-range 10.0.1.54

 

actions-to-remove request-snmp-trap

 

os-relevance relevant|not-relevant|unknown

 

exit

 

filters edit Nagios_Monitor

 

attacker-address-range 10.0.1.24

 

actions-to-remove request-snmp-trap

 

os-relevance relevant|not-relevant|unknown

 

exit

 

filters move Nagios_Monitor begin

 

filters move IT360 after Nagios_Monitor

 

general

 

global-overrides-status Disabled

 

exit

 


--MORE--
        
exit

 

! ------------------------------

 

service host

 

network-settings

 

host-ip 10.0.14.55/25,10.0.14.1

 

host-name MZSW-MCNET-IPS01

 

telnet-option disabled

 

access-list 0.0.0.0/0

 

dns-primary-server enabled

 

address 4.2.2.2

 

exit

 

dns-secondary-server disabled

 

dns-tertiary-server disabled

 

exit

 

time-zone-settings

 

offset 120

 

standard-time-zone-name GMT+02:00

 

exit

 

ntp-option enabled-ntp-unauthenticated

 

ntp-server 146.231.129.86

 

exit

 

summertime-option disabled

 

auto-upgrade

 

cisco-server enabled

 


--MORE--
        
schedule-option calendar-schedule

 

times-of-day 23:00:00

 

days-of-week monday

 

days-of-week tuesday

 

days-of-week wednesday

 

days-of-week thursday

 

days-of-week friday

 

exit

 

user-name salomao.mambo

 

cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

 

exit

 

exit

 

exit

 

! ------------------------------

 

service logger

 

exit

 

! ------------------------------

 

service network-access

 

exit

 

! ------------------------------

 

service notification

 

enable-set-get true

 

read-only-community mcnetpublic

 

read-write-community mcnet

 


--MORE--
        
exit

 

! ------------------------------

 

service signature-definition sig0

 

signatures 1034 0

 

status

 

enabled false

 

exit

 

exit

 

signatures 1220 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 1225 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 1630 0

 

engine atomic-ip-advanced

 

event-action produce-alert|deny-packet-inline

 

exit

 

exit

 

signatures 2000 0

 


--MORE--
        
engine atomic-ip

 

event-action produce-alert

 

exit

 

status

 

enabled true

 

retired false

 

exit

 

exit

 

signatures 2004 0

 

engine atomic-ip

 

event-action produce-alert

 

exit

 

status

 

enabled true

 

retired false

 

exit

 

exit

 

signatures 2158 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 2284 0

 

engine string-tcp

 


--MORE--
        
event-action produce-alert|deny-attacker-inline|deny-packet-inline|request-block-host

 

exit

 

exit

 

signatures 4703 0

 

alert-severity low

 

engine atomic-ip

 

no event-action

 

exit

 

exit

 

signatures 5766 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 18058 0

 

status

 

enabled true

 

exit

 

exit

 

exit

 

! ------------------------------

 

service ssh-known-hosts

 

exit

 

! ------------------------------

 


--MORE--
        
service trusted-certificates

 

exit

 

! ------------------------------

 

service web-server

 

exit

 

! ------------------------------

 

service anomaly-detection ad0

 

exit

 

! ------------------------------

 

service external-product-interface

 

exit

 

! ------------------------------

 

service health-monitor

 

memory-usage-policy

 

enable true

 

exit

 

global-correlation-policy

 

yellow-threshold 99400

 

red-threshold 310200

 

exit

 

exit

 

! ------------------------------

 

service global-correlation

 

global-correlation-inspection-influence standard

 


--MORE--
        
test-global-correlation off

 

exit

 

! ------------------------------

 

service aaa

 

exit

 

! ------------------------------

 

service analysis-engine

 

virtual-sensor vs0

 

physical-interface GigabitEthernet0/1

 

 

 

 

 

cisco 5545 configuration

===================

 

MZSW-MCNET-IPSFW02# sh running-config all
: Saved
:
ASA Version 9.1(2) <system>
!
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
terminal width 80
hostname MZSW-MCNET-IPSFW02
domain-name mcnet.co.mz
enable password yaWxBRUSyClMGJkc encrypted
no mac-address auto
lacp system-priority 32768
!
interface GigabitEthernet0/0
 description Internet_Outside
 speed auto
 duplex auto
no  flowcontrol send on
 delay 1
!
interface GigabitEthernet0/1
 description Internet_Inside
 speed auto
<--- More --->
              
 duplex auto
no  flowcontrol send on
 delay 1
!
interface GigabitEthernet0/2
 description MPLS_Outside
 speed auto
 duplex auto
no  flowcontrol send on
 delay 1
!
interface GigabitEthernet0/3
 description MPLS_Inside
 speed auto
 duplex auto
no  flowcontrol send on
 delay 1
!
interface GigabitEthernet0/4
 speed auto
 duplex auto
no  flowcontrol send on
 shutdown
 delay 1
<--- More --->
              
!
interface GigabitEthernet0/5
 speed auto
 duplex auto
no  flowcontrol send on
 shutdown
 delay 1
!
interface GigabitEthernet0/6
 speed auto
 duplex auto
no  flowcontrol send on
 shutdown
 delay 1
!
interface GigabitEthernet0/7
 speed auto
 duplex auto
no  flowcontrol send on
 shutdown
 delay 1
!
interface Management0/0
 speed auto
<--- More --->
              
 duplex auto
no  flowcontrol send on
 delay 1
!
class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5
!

checkheaps check-interval 60
checkheaps validate-checksum 60
boot system disk0:/asa912-smp-k8.bin
ftp mode passive
clock timezone UTC 0
pager lines 24
no failover
failover lan unit secondary
failover polltime unit 1 holdtime 15
failover polltime interface 5 holdtime 25
failover interface-policy 1
failover replication rate 40000
asdm image disk0:/asdm-713.bin
<--- More --->
              
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
service password-recovery
crypto engine accelerator-bias ipsec
console timeout 0
!
tls-proxy maximum-session 1000
!

admin-context admin
context admin
  allocate-interface Management0/0 Management
  config-url disk0:/admin.cfg
!

context MPLS
  allocate-interface GigabitEthernet0/2 MPLS_Outside
  allocate-interface GigabitEthernet0/3 MPLS_Inside
  config-url disk0:/MPLS.cfg
!

context Internet
  allocate-interface GigabitEthernet0/0 Internet_Outside
<--- More --->
              
  allocate-interface GigabitEthernet0/1 Internet_Inside
  config-url disk0:/Internet.cfg
!

password-policy minimum-length 3
password-policy minimum-changes 0
password-policy minimum-lowercase 0
password-policy minimum-uppercase 0
password-policy minimum-numeric 0
password-policy minimum-special 0
password-policy lifetime 0
no password-policy authenticate-enable
quota management-session 0
username admin password o0EpBBSOlCsMtD.Y encrypted privilege 15
username admin password-date Sep 19 2015
username cisco password dmtCHfu9.xJWP2Ve encrypted privilege 15
username cisco password-date Sep 19 2015
prompt hostname context
no coredump enable
no call-home reporting anonymous
no password encryption aes
Cryptochecksum:bcb35fbc0531aacd9a9fde129efd2ec2
: end


MZSW-MCNET-IPSFW02# changeto context admin

MZSW-MCNET-IPSFW02/admin#

MZSW-MCNET-IPSFW02/admin#

MZSW-MCNET-IPSFW02/admin#

MZSW-MCNET-IPSFW02/admin# sh run
: Saved
:
ASA Version 9.1(2) <context>
!
firewall transparent
hostname Admin
enable password yaWxBRUSyClMGJkc encrypted
names
!
interface Management
 management-only
 nameif Management
 security-level 100
 ip address 10.0.14.52 255.255.255.0
!
pager lines 24
mtu Management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route Management 0.0.0.0 0.0.0.0 10.0.14.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
<--- More --->
              
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Management
snmp-server host Management 10.0.1.54 community ***** version 2c udp-port 161
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
telnet timeout 5
ssh 10.0.1.0 255.255.255.0 Management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
no threat-detection statistics tcp-intercept
username admin password o0EpBBSOlCsMtD.Y encrypted privilege 15
username AdminIPS password MXKXXI0JWMggTNSr encrypted privilege 15
!
class-map inspection_default
<--- More --->
              
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
<--- More --->
              
!
service-policy global_policy global
Cryptochecksum:cb6e6bc49e8b1a7f9cb7b5e2759c61b6


MZSW-MCNET-IPSFW02/admin# changeto context Internet

MZSW-MCNET-IPSFW02/Internet# sh run    
: Saved
:
ASA Version 9.1(2) <context>
!
firewall transparent
hostname Internet
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool Internet 196.11.135.11
!
interface Internet_Outside
 nameif Internet_Outside
 security-level 0
!
interface Internet_Inside
 nameif Internet_Inside
 security-level 100
!
access-list Internet_Inside_access_in extended permit ip any any
access-list Internet_Inside_access_in extended deny ip any any
access-list Internet_Outside_access_in extended permit ip any any
access-list Internet_Outside_access_in extended deny ip any any
access-list global_mpc extended permit ip any4 any4
access-list IPS remark Interesting Traffic to IPS
access-list IPS extended permit ip any any
<--- More --->
              
pager lines 24
<--- More --->
              
mtu Internet_Outside 1500
<--- More --->
              
mtu Internet_Inside 1500
no monitor-interface Internet_Outside
no monitor-interface Internet_Inside
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group Internet_Outside_access_in in interface Internet_Outside
access-group Internet_Inside_access_in in interface Internet_Inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
no threat-detection statistics tcp-intercept
<--- More --->
              
!
class-map IPS
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 description IPS
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
<--- More --->
              
  inspect xdmcp
<--- More --->
              
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
 class IPS
  ips promiscuous fail-open
!
service-policy global_policy global
Cryptochecksum:9c1997d061436dcc3cb5f4e7ea186fce
: end

MZSW-MCNET-IPSFW02/Internet#

MZSW-MCNET-IPSFW02/Internet#

MZSW-MCNET-IPSFW02/Internet#

MZSW-MCNET-IPSFW02/Internet# chang

MZSW-MCNET-IPSFW02/Internet# changet

MZSW-MCNET-IPSFW02/Internet# changeto con

MZSW-MCNET-IPSFW02/Internet# changeto context MPLS

MZSW-MCNET-IPSFW02/MPLS#

MZSW-MCNET-IPSFW02/MPLS#

MZSW-MCNET-IPSFW02/MPLS#

MZSW-MCNET-IPSFW02/MPLS# sh run
: Saved
:
ASA Version 9.1(2) <context>
!
firewall transparent
hostname MPLS
enable password 8Ry2YjIyt7RRXU24 encrypted
names
ip local pool MPLS 10.0.99.11 mask 255.255.255.255
!
interface MPLS_Outside
 nameif MPLS_Outside
 security-level 0
!
interface MPLS_Inside
 nameif MPLS_Inside
 security-level 100
!
access-list IPS remark Interesting Traffic to IPS
access-list IPS extended permit ip any any
access-list MPLS_Out remark Permit All Traffic to MPLS
access-list MPLS_Out extended permit ip any any
access-list MPLS_In remark Permit All Traffic to MPLS
access-list MPLS_In extended permit ip any any
pager lines 24
<--- More --->
              
mtu MPLS_Outside 1500
mtu MPLS_Inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group MPLS_Out in interface MPLS_Outside
access-group MPLS_In in interface MPLS_Inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
no threat-detection statistics tcp-intercept
!
<--- More --->
              
class-map IPS
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
<--- More --->
              
  inspect netbios
  inspect tftp
  inspect ip-options
 class IPS
  ips promiscuous fail-open
!
service-policy global_policy global
Cryptochecksum:ead26439c72c1bfe95463d789d3aecdc
: end


MZSW-MCNET-IPSFW02/MPLS# changeto system

MZSW-MCNET-IPSFW02#

MZSW-MCNET-IPSFW02#

MZSW-MCNET-IPSFW02#

MZSW-MCNET-IPSFW02#

MZSW-MCNET-IPSFW02# ses

MZSW-MCNET-IPSFW02# session ips
 


MZSW-MCNET-IPS02#


MZSW-MCNET-IPS02# sh run

                     ^


% Invalid input detected at '^' marker

 

 


MZSW-MCNET-IPS02# sh conf


:

! Current configuration last modified Sun Sep 20 01:34:19 2015

 

! ------------------------------

 

! Version 7.3(4)

 

! Host:                                              

 


!     Realm Keys               key1.0                

 


! Signature Definition:                              

 


!     Signature Update         S886.0   2015-09-15   

 


!     Threat Profile Version   12                    

 


! ------------------------------

 

service interface

 

exit

 

! ------------------------------

 

service authentication

 

exit

 

! ------------------------------

 

service event-action-rules rules0

 

overrides deny-attacker-inline

 

override-item-status Enabled

 

risk-rating-range 90-100

 

exit

 

overrides log-attacker-packets

 

override-item-status Enabled

 

risk-rating-range 90-100

 


--MORE--
        
exit

 

overrides log-victim-packets

 

override-item-status Enabled

 

risk-rating-range 90-100

 

exit

 

overrides log-pair-packets

 

override-item-status Enabled

 

risk-rating-range 90-100

 

exit

 

filters edit IT360

 

attacker-address-range 10.0.1.54

 

actions-to-remove request-snmp-trap

 

os-relevance relevant|not-relevant|unknown

 

exit

 

filters edit Nagios_Monitor

 

attacker-address-range 10.0.1.24

 

actions-to-remove request-snmp-trap

 

os-relevance relevant|not-relevant|unknown

 

exit

 

filters move Nagios_Monitor begin

 

filters move IT360 after Nagios_Monitor

 

general

 

global-overrides-status Disabled

 

exit

 


--MORE--
        
exit

 

! ------------------------------

 

service host

 

network-settings

 

host-ip 10.0.14.54/24,10.0.14.1

 

host-name MZSW-MCNET-IPS02

 

telnet-option disabled

 

sshv1-fallback enabled

 

access-list 0.0.0.0/0

 

dns-primary-server enabled

 

address 10.0.2.10

 

exit

 

dns-secondary-server disabled

 

dns-tertiary-server disabled

 

exit

 

time-zone-settings

 

offset 120

 

standard-time-zone-name GMT+02:00

 

exit

 

auto-upgrade

 

cisco-server enabled

 

schedule-option calendar-schedule

 

times-of-day 23:00:00

 

days-of-week sunday

 


--MORE--
        
days-of-week monday

 

days-of-week tuesday

 

days-of-week wednesday

 

days-of-week thursday

 

days-of-week friday

 

days-of-week saturday

 

exit

 

user-name salomao.mambo

 

cisco-url https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl

 

exit

 

exit

 

exit

 

! ------------------------------

 

service logger

 

exit

 

! ------------------------------

 

service network-access

 

exit

 

! ------------------------------

 

service notification

 

exit

 

! ------------------------------

 

service signature-definition sig0

 

signatures 1034 0

 


--MORE--
        
status

 

enabled false

 

exit

 

exit

 

signatures 1220 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 1225 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 1630 0

 

engine atomic-ip-advanced

 

event-action produce-alert|deny-packet-inline

 

exit

 

exit

 

signatures 2000 0

 

engine atomic-ip

 

event-action produce-alert

 

exit

 

status

 


--MORE--
        
enabled true

 

retired false

 

exit

 

exit

 

signatures 2004 0

 

engine atomic-ip

 

event-action produce-alert

 

exit

 

status

 

enabled true

 

retired false

 

exit

 

exit

 

signatures 2158 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 2284 0

 

engine string-tcp

 

event-action produce-alert|deny-attacker-inline|deny-packet-inline|request-block-host

 

exit

 

exit

 

signatures 4703 0

 


--MORE--
        
alert-severity low

 

engine atomic-ip

 

no event-action

 

exit

 

exit

 

signatures 5766 0

 

status

 

enabled true

 

exit

 

exit

 

signatures 18058 0

 

status

 

enabled true

 

exit

 

exit

 

exit

 

! ------------------------------

 

service ssh-known-hosts

 

exit

 

! ------------------------------

 

service trusted-certificates

 

exit

 

! ------------------------------

 

service web-server

 


--MORE--
        
exit

 

! ------------------------------

 

service anomaly-detection ad0

 

exit

 

! ------------------------------

 

service external-product-interface

 

exit

 

! ------------------------------

 

service health-monitor

 

memory-usage-policy

 

enable true

 

red-threshold 93

 

exit

 

exit

 

! ------------------------------

 

service global-correlation

 

network-participation full

 

exit

 

! ------------------------------

 

service aaa

 

exit

 

! ------------------------------

 

service analysis-engine

 

virtual-sensor vs0

 


--MORE--
        
physical-interface PortChannel0/0

 

exit

 

exit

 

 

 

Regards

Salomao

 

 

 

 

 

 

 

 
