Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1032
Views
0
Helpful
2
Replies

IP address for AIP- IPS in ASA5520

bob.bhakta
Level 1
Level 1

‎07-14-2010 04:36 AM - edited ‎03-10-2019 05:03 AM

This is a pretty dumb question, and may have already the answer, but none the less... Does it matter the IP address i assign to the IPS module?  I mean of course it is an IP address on the inside but does it matter if it is a part of the normal data subnet we have allocated?  i was think of giviing the IPS module an IP address on our network management subnet?

Greatly appreciate the feedback in advance.. and plze be brutally honest.. as

Labels:
0 Helpful
2 Replies 2

terrygwazdosky
Level 1
Level 1

‎07-14-2010 06:45 AM

As it's just for management you can give it any IP you want.  I have a seperate VLAN for my IPS sensors, but putting it in your management network is just fine too.  If you want to enable auto updates make sure there is a NAT setup for it's IP to access the outside.

0 Helpful

rhermes
Level 7
Level 7
In response to terrygwazdosky

‎07-14-2010 08:46 AM

The Management IP address you assign to the AIP-SSM module will be assigned to that external ethernet interface jack on the module.

Whatever network you'd like to connect that interface to will help decide what network the address will live in.

Personally, I'd keep it within a management network if possible. You don;t need to expose it to production traffic. Every now and then there is a DoS vulnerbility on the management interfaces of devices, you can avoid your exposure to them if you have a segerated management network.

- Bob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card