
IPS Module integration with ASA and basic configuration steps

aslam.bajwa
Level 3

Hi All,

I am new to security. I need to integrate the IPS module with an ASA 5500 and need the basic configuration steps, so that I can get inside traffic through the IPS module to the LAN.

Please advise some easy steps to perform this activity.

Regards,

4 Replies

zujalal
Cisco Employee

Hi Aslam

You will use class maps to divert the traffic to the module. Here are some basic steps.

! Identify the traffic that needs to be diverted to the IPS SSP.
access-list IPS permit ip any any
!
! Classify the traffic using a class map.
class-map IPS
 match access-list IPS
!
! Specify the action to be taken on the traffic using a policy map.
! Since there is already a policy map attached globally in the FW,
! the class-map defined above will be added here only.
policy-map global_policy
 class IPS
  ips promiscuous fail-close
! (or: ips promiscuous fail-open)
!

Once that is done, the rest of the configuration needs to be done on the IPS using the CLI or, preferably, the IDM.

HTH. Please rate if useful.

Zubair

Thanks Zubair,

What is the function of the ips promiscuous fail-close (or fail-open) command?

What could be the effect on the network if the IPS module is down / stops working?

For failure scenarios, have a look at this. This explains fail open and fail close. Also note that the above command is if you want to set up the IPS in promiscuous mode. If you want to put it inline to traffic you need to enter "ips inline fail-close (or fail-open)".

http://www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/cli/cli_ssp.html#wp1086445

Please rate if useful.

Zubair
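An added example, not part of the original thread or Cisco's own code: a small Python check that reads an ASA configuration and reports, for each class redirected to the IPS module, its mode and what happens to that traffic if the module goes down. The function name, result keys and sample configuration are constructed for illustration, and the input is assumed to carry the usual `show running-config` indentation.

```python
import re

# Constructed sample of an ASA running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
access-list IPS extended permit ip any any
class-map IPS
 match access-list IPS
policy-map global_policy
 class inspection_default
  inspect dns
 class IPS
  ips promiscuous fail-close
service-policy global_policy global
"""

IPS_RE = re.compile(r"^ips\s+(inline|promiscuous)\s+(fail-open|fail-close)\b")

def audit_ips_redirection(config_text):
    """Return one finding per class that redirects traffic to the IPS module."""
    findings, policy, cls = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            # A top-level command ends any policy-map context.
            policy = line.split()[-1] if line.startswith("policy-map ") else None
            cls = None
            continue
        if policy and line.startswith("class "):
            cls = line.split()[1]
            continue
        m = IPS_RE.match(line)
        if policy and cls and m:
            mode, fail = m.groups()
            findings.append({
                "policy_map": policy, "class": cls, "mode": mode, "on_failure": fail,
                # inline: IPS sits in the packet path; promiscuous: IPS sees a copy.
                "ips_can_drop_in_path": mode == "inline",
                # fail-close: matched traffic is blocked while the module is down.
                "outage_if_module_down": fail == "fail-close",
            })
    return findings

if __name__ == "__main__":
    for f in audit_ips_redirection(SAMPLE_CONFIG):
        print(f)
```

With the `permit ip any any` ACL from the thread, a fail-close finding means all traffic through the ASA stops while the module is unavailable, so the flag is worth reviewing against the site's availability requirements.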

Thanks Zubair.
