Re: configuration IPS-ASA

mlcontento1 · ‎10-29-2008

plese help me. where to start, I am reading but, I need a ideas, My IPS is 4240 and my ASA 5540

marcabal · ‎10-29-2008

Start by running "setup" on the CLI of the IPS SSM (access the SSM CLI by "sessioning" to the SSM).

The IP Address you give it is going to be for the external interface of the SSM card itself (do not confuse it with other interfaces of the ASA).

Near the end of setup you need to assign an interface to virtual sensor vs0. You need to assign GigabitEthernet0/1 to virtual sensor vs0. This GigabitEthernet is a BACKPLANE interface between the ASA and the SSM and should not be confused with the ASA's own GigabitEthernet0/1 interface.

After setup is complete now you need to get the ASA to send traffic to the SSM for monitoring.

Here is a good document to start with:

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a00807335ca.shtml

It gives a basic explanation of how to configure the ASA to send traffic to the SSM for monitoring.

NOTE: It also recommends a few basic sigs to enable for simple testing. The 2004 signature is triggered by a simple ping.

Once you've got traffic being sent for monitoring, then you've got all kinds of advanced configs you can do. You will want to read through the IPS Config Guides to see what kinds of things you can do.

Other documents for the SSM can be found here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_installation_and_configuration_guides_list.html

You will want to pick the CLI guide that corresponds to the IPS version you are running on your SSM.

mlcontento1 · ‎10-29-2008

Hi marco

Thanks for you request, sorry my english I speak spanish, correct my errors please...

excuse my ignorance on this, my goal is to be able to lift this two appliance and I hope I can do it

One questions, IPS have modules, such as IDSM-2, NM-CIDS, or AIP-SSM?

How can I connect ASA and IPS for either the interfaces of each, with which direct or crossover cable? as active interfaces in IPS with:

sensor# configure terminal

sensor(config)# service interface

sensor(config-int)# physical-interfaces GigabitEthernet0/2

sensor(config-int-phy)# admin-state enabled

It's correct?

I am ejecute in ASA, for access IPS SSM:

#session 1

card in slot one did not respond

I can configuration through the web?

what IPS interface connect to the network and how active

Thanks for your help...

mlcontento1 · ‎10-30-2008

Hi marc, I review my asa and I am ejecute asa# show module, I have only ASA5540, I don't have ASA-SSM module, I need ASA-SSM for work?..

I have two appliance, ASA 5540 and appliance IPS 4240

mlcontento1 · ‎10-30-2008

Hi marc, I review my asa and I am ejecute asa# show module, I have only ASA5540, I don't have ASA-SSM module, I need ASA-SSM for work?..

rhermes · ‎10-30-2008

You do not need an AIP-SSM, you have a 4240 to use as an IPS sensor. You need to configure you 4240 with these instructions:

connections and hardware

http://www.cisco.com/en/US/docs/security/ips/6.1/installation/guide/hw_installing_4240_4255.html

Basic software setup

http://www.cisco.com/en/US/docs/security/ips/6.1/installation/guide/hw_initializing.html#wp1252154

mlcontento1 · ‎10-30-2008

Thank you so much, today I go all morning looking for information and read this and I did, but I like to make the administration of the apliance where to start to control.

I have a cisco ASA 5540, as I connect to these appliance, how configure the interfaces???

best regards

marcia