I have recently installed and initialized the IPS module on an ASA 5520 with the help of Cisco tech support, but I don't see any traffic on the IPS Dashboard. Our previous IPS 4240 shows a lot of hits on its Dashboard. Why is this?
What version of IDM are you using?
Can you share a screenshot of what you are seeing?
Try to use the latest version of IDM and also try to access the module using a web browser instead of the launcher, in case you are using the launcher.
I have attached the file you requested.
The IDM version is 7.1
Cisco IPS Manager Express 7.2.3
Below is how I have initialized the IPS module and how I have sent the traffic to the IPS on the ASA 5520.
access-list outside_ips extended permit ip any any
match access-list outside_ips
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
ips inline fail-open sensor vs0
service-policy global_policy global
I believe that with the above configuration I will be able to inspect all traffic that is coming from external to DMZ and from DMZ to inside. The dashboard image which I have attached has been like that for a week now. Before I removed our old IPS 4240, I saw lots of traffic/hits on that dashboard (4240), which I believe I should see on this new IPS dashboard as well. This confuses me. I think I am doing this wrong.
Two things we can try.
Try to "rediscover" the sensor.
Basically go to the device list, delete it and add it back.
If that doesn't work, try to reload the server that has the IME software.
Something else you can check is the backplane interface; sometimes the backplane interface is not enabled and the IPS does not process/inspect any data.
You can check the backplane interface by going to Configuration > Policies, right-clicking on vs0 or vs1, and "checking" the interface if it is unchecked.
Below you can see an example:
Hope it helps.
Please rate helpful posts.
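A check for the ASA side of this thread, as an added example that is not part of any post above and not Cisco code: the `ips` action only receives traffic when its class-map, access-list, policy-map and service-policy all link up, and the configuration posted in the thread shows only some of those lines. The sample configurations are constructed, and the class-map name `ips_class` is hypothetical.

```python
# Added example. Constructed sample configs; "ips_class" is a hypothetical name.
GOOD = """\
access-list outside_ips extended permit ip any any
class-map ips_class
 match access-list outside_ips
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
 class ips_class
  ips inline fail-open sensor vs0
service-policy global_policy global
"""
BROKEN = GOOD.replace("match access-list outside_ips", "match access-list outside-ips") \
             .replace("service-policy global_policy global\n", "")  # typo + not applied

def ips_redirects(config):
    """Return each `ips` action with the gaps found in its class/policy chain."""
    acls, class_acls, applied, found = set(), {}, set(), []
    cmap = pmap = cls = None
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue
        top = not raw[0].isspace()
        if top:                      # a top-level command closes any sub-mode
            cmap = pmap = cls = None
        if top and w[0] == "access-list" and len(w) > 1:
            acls.add(w[1])
        elif top and w[0] == "class-map" and len(w) > 1:
            cmap = w[-1]             # last token is the name, even with "type ..."
            class_acls.setdefault(cmap, [])
        elif top and w[0] == "policy-map" and len(w) > 1:
            pmap = w[-1]
        elif top and w[0] == "service-policy" and len(w) > 2:
            applied.add(w[1])        # "global" or "interface <name>" follows
        elif cmap and w[:2] == ["match", "access-list"] and len(w) > 2:
            class_acls[cmap].append(w[2])
        elif pmap and w[0] == "class" and len(w) > 1:
            cls = w[1]
        elif pmap and cls and w[0] == "ips":
            found.append({"policy": pmap, "class": cls, "action": " ".join(w)})
    for f in found:                  # resolve after the full config has been read
        f["gaps"] = gaps = []
        if f["class"] not in class_acls and f["class"] != "class-default":
            gaps.append(f"class-map {f['class']} is not defined")
        gaps += [f"access-list {a} is not defined"
                 for a in class_acls.get(f["class"], []) if a not in acls]
        if f["policy"] not in applied:
            gaps.append(f"policy-map {f['policy']} is not applied by a service-policy")
    return found
```

It covers only the ASA redirect; whether the virtual sensor has the backplane interface assigned, as the last reply suggests checking, has to be confirmed on the IPS itself.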