cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1252
Views
0
Helpful
6
Replies

connecting to IPS with ASDM

nkariyawasam
Level 1
Level 1

I am doing ASA5510 with IPS, initial setup. I can access ASA from ASDM. But when I click the IPS tab in ASDM, it will retrieve the management IP of the IPS, but finally says "unable to connect".

I tried even chaning management IP using CLI, still no luck.

Any ideas ?

2 Accepted Solutions

Accepted Solutions

suschoud
Cisco Employee
Cisco Employee

Hi,

Is the management interface of SSM connected to your local lan.At the back of asa,where aip-ssm is plugged in,you would see a management interface.This management interface should have a cable running to your local lan switch or router.There has to be a connectivity from local lan to the management interface so that aip-ssm info. could be retrieved.

Please rate if helps. :)

Regards,

Sushil

View solution in original post

In addition to connecting the AIP-SSM to your LAN, as Sushil suggested, you will need to assign an IP address, netmask, gateway and place your management host's IP address into the AIP-SSM's allowed hosts list. You can do all this by connecting to the AIP-SSM via the ASA using the "session 1" command, loging in (cisco/cisco by default) and running "setup".

View solution in original post

6 Replies 6

suschoud
Cisco Employee
Cisco Employee

Hi,

Is the management interface of SSM connected to your local lan.At the back of asa,where aip-ssm is plugged in,you would see a management interface.This management interface should have a cable running to your local lan switch or router.There has to be a connectivity from local lan to the management interface so that aip-ssm info. could be retrieved.

Please rate if helps. :)

Regards,

Sushil

In addition to connecting the AIP-SSM to your LAN, as Sushil suggested, you will need to assign an IP address, netmask, gateway and place your management host's IP address into the AIP-SSM's allowed hosts list. You can do all this by connecting to the AIP-SSM via the ASA using the "session 1" command, loging in (cisco/cisco by default) and running "setup".

Thanks for both answers! I was able to connect though management iontarface, connected to the LAN. I wonder is there any way that I can connect to AIP-SSM internally ( ie using the ASDM conneciton alone) , without actually using the management interface.

That would not be possible.ASDM open on ur w/station connects to ips through the management interface of ssm.You can treat this as a separate connection initiated by asdm s/w to the ip address of ssm from the w/station.

Regards,

Sushil

Is it necessary to access the management interface from ASDM via the same network. Or can it be a different network as well.

In my case, the pings from other network are going through but the telnet to port 443 is not responding. It is however responding from the same network as management interface. Is there a restriction like this ?

Thanks.

The ASA management interface can be on a different network from the AIP-SSM Management network address.

Check the allowed hosts on your IPS module, you might be denying access to the network/host that can't https to your sensor.

Review Cisco Networking for a $25 gift card