Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2145
Views
0
Helpful
5
Replies

IPS in Transparent Mode

Go to solution
lcaruso
Level 6
Level 6

‎12-20-2012 06:42 PM - edited ‎03-11-2019 05:39 PM

Hi,

I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to lcaruso

‎12-24-2012 03:39 PM

Hello Lcaruso,

Starting on ASA 8.4 on transparent mode you can have more than one Ip as you will be using Bridge-groups, also the managment interface will have it own dedicated Ip address.

The AIP-SSM will be fully fucntional whether you have it on transparent mode or not,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-20-2012 09:59 PM

Hello,

Yes, it can definetly run on transparent mode

An ASA in transparent mode can run an AIP.  In the event the AIP fails,

the IPS will fail-open and the ASA will continue to pass traffic.
However, if an interface or cable fails, then traffic will stop.  You
would need a failover pair to account for this failure event, which
means another ASA and matching AIP."

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Julio Carvajal

‎12-24-2012 10:32 AM

Hi Julio,

I understand in Transparent Mode the ASA can only have one ip address on it. Does that include the IPS SSP as well?

Will I be able to setup the IPS to get its updates, global correlation, ntp and such if the ASA only has one ip address?

Will I be able to meet the requirements to manage the IPS with IME?

Thanks.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to lcaruso

‎12-24-2012 03:39 PM

Hello Lcaruso,

Starting on ASA 8.4 on transparent mode you can have more than one Ip as you will be using Bridge-groups, also the managment interface will have it own dedicated Ip address.

The AIP-SSM will be fully fucntional whether you have it on transparent mode or not,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Julio Carvajal

‎12-24-2012 05:35 PM

So I can have bridge groups and assign an ip address to the management interface and setup the IPS just like a routed firewall? Guess I've got some reading to do.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to lcaruso

‎12-24-2012 06:05 PM

Hello Lcaruso,

Exactly you got it

Yeah but reading is not that bad when you know what you are looking for

Have a good one

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top