06-29-2010 05:39 PM - edited 03-10-2019 05:02 AM
I am currently configuring an AIP SSM module on an ASA, and I would like to know which interface IP address should be used for the management interface. Should it be the outside interface of the ASA or the inside interface of the ASA?
06-29-2010 05:54 PM
The majority of the time, you would be managing the module from your internal network, hence most people configure the management interface with an IP address from the inside network.
Hope that helps.
06-29-2010 06:07 PM
I also will be setting up the AIP SSM on two ASAs running Active/Standby, so I would like to know if I have to do any configuration on the Standby. Or when I save the configuration on the Active, will the AIP SSM configuration replicate to the Standby ASA?
06-29-2010 06:09 PM
No, you would need to manually configure both AIP modules, as the failover configuration synchronization is only for the ASA, not for the module.
You would need to configure a unique/different IP address for each of the AIP modules.
Hope that helps.
06-29-2010 06:22 PM
Is it best to set up the AIP SSM using the IME or just from the command line? Also, where can I get info on how to use the IME to provision the AIP SSM on the ASA?
06-29-2010 06:25 PM
You won't be able to use IME to provision the AIP. Session into the module from the ASA, then run the "setup" command, and it will run you through the basic network connectivity setup. Once you have the IP address configured, you can use IME to manage the module.
06-29-2010 06:31 PM
Is it possible to add the license and upgrade AIP SSM from the IME? Or do those have to be done from the CLI?
06-29-2010 06:54 PM
License and upgrade can be done through IME.
Here is the documentation guide for IME for your reference:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/ime/imeguide7.html
06-29-2010 07:03 PM
I really appreciate your answers. But one last question: please point me to where I can get the syntax to set up Auto Update.
06-29-2010 07:06 PM
Here is the Auto Update configuration guide:
06-30-2010 01:28 PM
Please let me know how to configure the AIP SSM to monitor Remote VPN Traffic.
06-30-2010 07:12 PM
When you configure the ASA to send the traffic towards the AIP module to be inspected, you can configure a specific ACL for the traffic that you would like to inspect, or otherwise, you can just configure a "permit ip any any" ACL to inspect everything going through the ASA.
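The ACL-based redirection described in the last reply, as an added ASA configuration example that is not part of any post in this thread. The ACL and class-map names and the 10.10.50.0/24 remote-access VPN pool are constructed assumptions; substitute your own address pool and choose inline or promiscuous mode and fail-open or fail-close to match your policy.

```text
! Constructed example, not from the thread.
! Assumption: remote VPN clients receive addresses from 10.10.50.0/24.
! Match traffic to and from the VPN pool only.
access-list IPS-VPN extended permit ip 10.10.50.0 255.255.255.0 any
access-list IPS-VPN extended permit ip any 10.10.50.0 255.255.255.0
!
! Alternative mentioned in the reply: inspect everything through the ASA.
! access-list IPS-ALL extended permit ip any any
!
class-map IPS-VPN-CLASS
 match access-list IPS-VPN
!
! Send matching traffic to the AIP SSM.
! inline      = module sits in the traffic path and can drop packets
! promiscuous = module receives a copy and only alerts
! fail-open   = traffic keeps flowing if the module is unavailable
! fail-close  = traffic is blocked if the module is unavailable
policy-map global_policy
 class IPS-VPN-CLASS
  ips inline fail-open
!
service-policy global_policy global
```

After applying it, `show service-policy ips` on the ASA shows whether packets are matching the class and being handed to the module.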