Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1033
Views
0
Helpful
2
Replies

Configuring ASA 5510 w/ SSM-10 in transparent mode

christiancampbell
Level 1
Level 1

‎03-25-2013 05:09 PM - edited ‎03-10-2019 05:55 AM

Hello everyone.

I'm trying to configure an ASA5510 w/ SSM-10 to run in transparent mode and be able to manage it remotely. This setup is due to the client's environment. I'm familiar with 5505's, but this is the first time with a dedicated management port and a dedicated IPS Ethernet port.

Few questions:

- Can I access both the FW and IPS through the dedicated management port via SSH and ASDM/IDM?

- Can I assign the management port an external IP address and to establish a L2L VPN tunnel for remote management and tunnel syslog and IPS logs through it?

- Would I be able to route Syslog and IPS event through the Management port to a remote event collector?

- Cabling clarification: internal switch connected to the ASA's management interface and to the IPS' management interface.

Thanks in advance.

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
2 Replies 2

lcambron
Level 3
Level 3

‎04-02-2013 01:12 PM

Hello,

1. Yes you can have ssh and asdm/idm access through the management port.

2. you cannot terminate VPN on the ASA while in transparent mode

3. yes you can use the management port to pull syslogs

4. your cabling looks correct.

Regards,

Felipe.

0 Helpful

jocamare
Level 4
Level 4

‎04-02-2013 01:53 PM

Can I access both the FW and IPS through the dedicated management port via SSH and ASDM/IDM?

Sorta, you can ssh to the ASA and from there establish a backplane connection to the module.

Can I assign the management port an external IP address and to establish  a L2L VPN tunnel for remote management and tunnel syslog and IPS logs  through it?

Would I be able to route Syslog and IPS event through the Management port to a remote event collector?

Yes, but you can't do the IPS part though.

The IPS is an independant unit and will use its own management interface to send logs, the only way you can do this is to log into the ASA, then into the IPS and get the logs you are looking for.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html#wp1198794

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html#wp1214750

Cabling clarification: internal switch connected to the ASA's management interface and to the IPS' management interface.

This is ok, if you want the units to communicate make sure they are part of the same vlan.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card