
IPS configuration promiscuous mode (fail-open) assistance/troubleshooting

amardram123
Level 1

Hi all,

I have 2 ASAs configured in active/standby failover mode. I want to configure the IPS in promiscuous mode with a fail-open configuration.

I have not connected the IPS to any PC through the management port.

I can access the IPS through the ASA (5520) using session 1 and am able to do basic configuration using setup.

After configuring, when I try to log in through ASA ASDM (IPS tab on the home page of ASA ASDM), it asks for an IP (management or other IP). I am trying to access the IPS with the IP (192.168.3.74) configured in the IPS using initial setup (192.168.3.74/27, 192.168.3.65) and have also added an access-list allowing 192.168.3.0/24.

ASA inside IP subnet: 192.168.3.64/27

ASA DMZ IP subnet: 192.168.1.0/24

Let me know if I need to assign the IPS IP from the DMZ range or the inside range.

Do I need to set up the same IP for the IPS in both ASA modules?

Let me know if I can connect to the IPS from ASA ASDM using an IP (192.168.3.74) configured through setup on port 443.

What access-list should I add in the IPS or ASA, if required?

While setting up the IPS for the first time using the setup command, I am not able to see the unused/monitored interface (g0/1) so that I could add both interfaces, which should show as per the Cisco doc. What may be the reason?

IPS 6.0

ASA (5520) 7.24

ASDM 5.24

Regards

Amardeep

1 Reply

Farrukh Haroon
VIP Alumni

You need to configure the interface properly and plug it into the network.

The second interface is displayed differently in the AIP-SSM, as this is a logical/internal connection to the ASA.


Regards

Farrukh
