cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
533
Views
4
Helpful
1
Replies

Configuring AIP SSM to monitor only

Hi all,

We purchased an AIP-SSM-20 for our ASA5520. Is there a way to enable IPS functionality, but not block anything, i.e. just log events? This is just to see if any legitimate company traffic will be blocked.

Thanks!

Jacques

1 Accepted Solution

Accepted Solutions

gbekmezi
Level 5
Level 5

Configure the ASA to send traffic to the IPS in promiscuous mode using the following command in a policy-map:

hostname(config-pmap-c)# ips {inline | promiscuous} {fail-close |

fail-open} [sensor {sensor_name | mapped_name}]

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/aipssm.html

Geroge

View solution in original post

1 Reply 1

gbekmezi
Level 5
Level 5

Configure the ASA to send traffic to the IPS in promiscuous mode using the following command in a policy-map:

hostname(config-pmap-c)# ips {inline | promiscuous} {fail-close |

fail-open} [sensor {sensor_name | mapped_name}]

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/aipssm.html

Geroge

Review Cisco Networking for a $25 gift card