Solved: Re: connecting to IPS with ASDM

nkariyawasam · ‎09-15-2008

I am doing ASA5510 with IPS, initial setup. I can access ASA from ASDM. But when I click the IPS tab in ASDM, it will retrieve the management IP of the IPS, but finally says "unable to connect".

I tried even chaning management IP using CLI, still no luck.

Any ideas ?

suschoud · ‎09-15-2008

Hi,

Is the management interface of SSM connected to your local lan.At the back of asa,where aip-ssm is plugged in,you would see a management interface.This management interface should have a cable running to your local lan switch or router.There has to be a connectivity from local lan to the management interface so that aip-ssm info. could be retrieved.

Please rate if helps. :)

Regards,

Sushil

View solution in original post

rhermes · ‎09-15-2008

In addition to connecting the AIP-SSM to your LAN, as Sushil suggested, you will need to assign an IP address, netmask, gateway and place your management host's IP address into the AIP-SSM's allowed hosts list. You can do all this by connecting to the AIP-SSM via the ASA using the "session 1" command, loging in (cisco/cisco by default) and running "setup".

View solution in original post

suschoud · ‎09-15-2008

Hi,

Is the management interface of SSM connected to your local lan.At the back of asa,where aip-ssm is plugged in,you would see a management interface.This management interface should have a cable running to your local lan switch or router.There has to be a connectivity from local lan to the management interface so that aip-ssm info. could be retrieved.

Please rate if helps. :)

Regards,

Sushil

rhermes · ‎09-15-2008

In addition to connecting the AIP-SSM to your LAN, as Sushil suggested, you will need to assign an IP address, netmask, gateway and place your management host's IP address into the AIP-SSM's allowed hosts list. You can do all this by connecting to the AIP-SSM via the ASA using the "session 1" command, loging in (cisco/cisco by default) and running "setup".

nkariyawasam · ‎09-15-2008

Thanks for both answers! I was able to connect though management iontarface, connected to the LAN. I wonder is there any way that I can connect to AIP-SSM internally ( ie using the ASDM conneciton alone) , without actually using the management interface.

suschoud · ‎09-16-2008

That would not be possible.ASDM open on ur w/station connects to ips through the management interface of ssm.You can treat this as a separate connection initiated by asdm s/w to the ip address of ssm from the w/station.

Regards,

Sushil

new_networker · ‎12-06-2008

Is it necessary to access the management interface from ASDM via the same network. Or can it be a different network as well.

In my case, the pings from other network are going through but the telnet to port 443 is not responding. It is however responding from the same network as management interface. Is there a restriction like this ?

Thanks.

rhermes · ‎12-08-2008

The ASA management interface can be on a different network from the AIP-SSM Management network address.

Check the allowed hosts on your IPS module, you might be denying access to the network/host that can't https to your sensor.