05-28-2012 11:38 AM - edited 03-10-2019 05:41 AM
Hello,
I have two 5520 ASAs in Active/Standby mode; they both have the AIP-10 modules installed with 7.0(6).E4 installed.
How can I test that it is all working? Can I fire any test scripts through the ASA to trigger an alert and see that it gets blocked?
Also, how do I keep these two IPS modules in sync? I have to make changes on one, then the other, all the time.
Thanks
05-28-2012 06:40 PM
To test the IPS functionality, you can enable signatures #2000 (echo-reply) and #2004 (echo-request) and ping across the ASA. You should get those two triggered as a test.
With the IPS modules in ASA active/standby mode, unfortunately the configuration will not be synced automatically, and there is a bit of manual work involved to get the config synchronized. The IPS modules are standalone, unfortunately.
05-28-2012 07:23 PM
Also make sure the signatures 2000 and 2004 are unretired, besides enabling them. In recent versions they have been retired.
qssp-8083(config-sig-sig)# stat
qssp-8083(config-sig-sig-sta)# sh set
status
-----------------------------------------------
enabled: false
retired: true
Madhu
05-29-2012 01:57 AM
We can't use the echo one for testing, as we have some important monitoring servers that will have issues. Is there any other way we can test if the IPS modules are blocking?
05-29-2012 04:36 AM
You can create a custom signature and block, for example, telnet traffic going through the ASA. You just have to specify the TCP port within the custom signature. Or you can configure any other ports for testing purposes.
05-29-2012 05:23 AM
To create a custom rule for Telnet, can I use the Cisco IPS ME? I would like to block 192.168.9.11 from telnetting to 172.30.1.1.
Thanks
05-29-2012 05:58 AM
You can create a custom signature (engine String TCP), specify the telnet port, and configure a regex. When it detects the regex that you specify, it will trigger the signature.
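Putting the replies above together (the enabled/retired status shown earlier, and a custom String TCP signature on the Telnet port), here is an added example of what the sensor CLI session looks like; it is not from this thread. The sensor name, signature ID 60000, and the test string are placeholders I chose, and the deny-packet-inline action assumes the AIP module runs in inline mode (in promiscuous mode only the alert fires).

```text
! Added example (not from the thread). Placeholders: hostname "sensor",
! custom signature ID 60000, test string "IPS-TEST-TELNET".
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 60000 0
sensor(config-sig-sig)# sig-description
sensor(config-sig-sig-sig)# sig-name Telnet test string
sensor(config-sig-sig-sig)# exit
sensor(config-sig-sig)# engine string-tcp
! Match the test string only in traffic headed to the Telnet service port
sensor(config-sig-sig-str)# regex-string IPS-TEST-TELNET
sensor(config-sig-sig-str)# service-ports 23
sensor(config-sig-sig-str)# direction to-service
! Alert and, if the module is inline, drop the matching packet
sensor(config-sig-sig-str)# event-action produce-alert|deny-packet-inline
sensor(config-sig-sig-str)# exit
! A new signature is enabled but must also be unretired, same as 2000/2004
sensor(config-sig-sig)# status
sensor(config-sig-sig-sta)# enabled true
sensor(config-sig-sig-sta)# retired false
sensor(config-sig-sig-sta)# show settings
   status
   -----------------------------------------------
      enabled: true
      retired: false
   -----------------------------------------------
sensor(config-sig-sig-sta)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes?[yes]: yes
sensor(config)# exit
! Verify the alert after a test telnet session from 192.168.9.11 to 172.30.1.1
! in which the string IPS-TEST-TELNET was typed
sensor# show events alert past 00:10:00
```

Because the match is on an arbitrary string you type into the session, this test does not disturb the monitoring servers that depend on ICMP; repeat the same configuration on the second module, as the thread notes nothing syncs them.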