Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
763
Views
0
Helpful
4
Replies

Cisco SSM 10 assigning IP to interface

Go to solution
mahesh18
Level 6
Level 6

‎09-07-2015 03:40 PM - edited ‎03-10-2019 06:27 AM

Hi everyone,

 

I have ASA SSM 10 module.

ASA inside interface IP is 192.168.2.x

I have installed the SSM 10 module.

Need to know what IP should I assign to SSM interface?

 

Below is ASA interface config

 

interface Ethernet0/0
 nameif MGMT
 security-level 10
 ip address 10.31.2.33 255.255.255.0
!
interface Ethernet0/1
 description Connection to ISP SHAW
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/2
 nameif WLC_ASA_5505
 security-level 67
 ip address 10.255.255.2 255.255.255.252

interface Ethernet0/3
 nameif VISITOR
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!

 

Regards

Mahesh

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-07-2015 09:08 PM

Mahesh,

The SSM physical management interface exists distinct from the base ASA. Since you connect to it independently, you can assign it an IP address in whatever subnet is appropriate in your environment. Just make sure the physical connection goes to a switch interface in the correct VLAN that's associated with that subnet. Usually we use the same subnet as the ASA management interface but that's not required.

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎09-08-2015 08:16 AM

You can assign it an address from the same subnet as the ASA mgmt interface. The SSM IP address is only used for SSM management.

Traffic redirection is done with your service policy in the ASA. The service policy redirects traffic to the IPS via an internal dataplane interface.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-07-2015 09:08 PM

Mahesh,

The SSM physical management interface exists distinct from the base ASA. Since you connect to it independently, you can assign it an IP address in whatever subnet is appropriate in your environment. Just make sure the physical connection goes to a switch interface in the correct VLAN that's associated with that subnet. Usually we use the same subnet as the ASA management interface but that's not required.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎09-08-2015 07:35 AM

Hi Marvin,

 

So i can assign it same ASA management interface subnet IP.

If i do that then how i will redirect user traffic to go via SSM inetrface?

 

Regards

MAhesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎09-08-2015 08:16 AM

You can assign it an address from the same subnet as the ASA mgmt interface. The SSM IP address is only used for SSM management.

Traffic redirection is done with your service policy in the ASA. The service policy redirects traffic to the IPS via an internal dataplane interface.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎09-11-2015 01:49 PM

Many thanks Marvin.

 

Regards

Mahesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card