08-13-2012 03:59 PM - edited 03-10-2019 05:45 AM
Hi All,
I am new in security. I need to integrate the IPS module with the ASA 5500 and the basic configuration steps, so that I can get inside traffic through the IPS module to the LAN.
Please advise some easy steps to perform this activity.
Regards,
08-13-2012 05:13 PM
Hi Aslam
You will use class maps to divert the traffic to the module. Here are some basic steps.
!Identify the traffic that needs to be diverted to the IPS SSP.
access-list IPS permit ip any any
!
!Classify the traffic using a class map.
!
class-map IPS
match access-list IPS
!
!Specify the action to be taken on the traffic using a policy map.
!Since there is already a policy map attached globally in the FW,
!the class-map defined above will be added here only.
!
policy-map global_policy
class IPS
ips promiscuous fail-close
!(or: ips promiscuous fail-open)
!
Once that is done, the rest of the configuration needs to be done on the IPS using the CLI or, preferably, the IDM.
HTH. Please rate if useful.
Zubair
08-13-2012 06:58 PM
Thanks Zubair,
What is the function of the ips promiscuous fail-close (or fail-open) command?
What could be the effect on the network if the IPS module goes down / stops working?
08-13-2012 07:10 PM
For failure scenarios, have a look at this. It explains fail-open and fail-close. Also note that the above command is for setting up the IPS in promiscuous mode. If you want to put it inline with the traffic you need to enter "ips inline fail-close (or fail-open)".
http://www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/cli/cli_ssp.html#wp1086445
Please rate if useful.
Zubair
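The complete ASA side of what Zubair's two replies describe, as an added example that is not from his posts: traffic diversion narrowed to the inside LAN, the inline variant with its failure behaviour spelled out, the global service-policy line, and the commands to verify the module and the class. The inside subnet 10.1.1.0/24 and module slot 1 are assumptions.

```cisco
! Added example: send only inside-LAN traffic through the IPS module inline
! and keep forwarding if the module fails. 10.1.1.0/24 and slot 1 are assumed.
!
! 1. Match the traffic to divert. Narrower than "permit ip any any":
!    only flows to or from the inside LAN reach the sensor.
access-list IPS extended permit ip 10.1.1.0 255.255.255.0 any
access-list IPS extended permit ip any 10.1.1.0 255.255.255.0
!
! 2. Classify it.
class-map IPS
 match access-list IPS
!
! 3. Add the class to the default global policy.
!    inline      : packets pass through the sensor, which can drop them (IPS).
!    promiscuous : the sensor only gets a copy and can only alert (IDS).
!    fail-open   : module down -> matched traffic is forwarded uninspected.
!    fail-close  : module down -> matched traffic is dropped.
policy-map global_policy
 class IPS
  ips inline fail-open
!
! global_policy is applied to all interfaces by default; if it was removed, reapply it.
service-policy global_policy global
!
! 4. Verify the module is up and that the class is actually matching traffic.
show module 1 details
show service-policy ips
```

fail-open keeps the network up but leaves the LAN uninspected while the module is down, so the module state in "show module" is worth monitoring either way.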
08-14-2012 04:33 AM
Thanks Zubair.