where to connect AIP-SSM 10 MODULE INTERFACE



We have a Cisco ASA 5520 with an AIP-SSM 10 IPS module. I am new to IPS.

1. I don't know where to connect this module's port to another port (connectivity). Should it connect to any router or L3 interface?

2. What IP address should I use? Should it be an IP reachable from the network or client?

3. And how does IPS work?

Kindly can anyone guide me.


The external port of the AIP-SSM-10 is meant only for management connections, like ssh/IDM, etc.

You can connect this port to any L2/L3 port (which would depend on your network setup) such that it is reachable from your management stations.

Though you can give any IP address/subnet such that it is reachable from your management stations, it is advisable to keep it in the same subnet as that of the ASA's inside interface.

All network traffic that IPS inspects is sent by the ASA via its backplane.

The following is an example to configure ASA to send traffic to IPS for inspection.

The following describes the initial setup procedure on IPS module (AIP-SSM).

AIP-SSM is a signature-based IPS device. There are many predefined signatures which are matched against the traffic IPS inspects. In case of a match, IPS takes certain actions as defined in the particular signature.

You can add custom signatures as well.
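
Added example, not part of the original reply and not taken from Cisco's linked document: a minimal ASA policy that sends traffic over the backplane to the AIP-SSM for inspection. The names `IPS_TRAFFIC` and `IPS_CLASS` are hypothetical, and `global_policy` is assumed to be the ASA's default global policy map.

```cisco
! Select the traffic the IPS should inspect (hypothetical ACL name;
! here all IP traffic, narrow it to the subnets you want inspected).
access-list IPS_TRAFFIC extended permit ip any any
!
! Hypothetical class-map name; matches the ACL above.
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
policy-map global_policy
 class IPS_CLASS
  ! inline      : the module sits in the traffic path and can drop packets.
  ! promiscuous : the module only receives a copy, so it can alert
  !               but the original packet is not held for a verdict.
  ! fail-open   : traffic keeps flowing uninspected if the module is down.
  ! fail-close  : matching traffic is blocked while the module is down.
  ips inline fail-open
!
! Usually already present in the default configuration.
service-policy global_policy global
```

`show module 1` on the ASA reports whether the module is up before you rely on the policy.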


Hi,

Thanks for your reply,

but I am still unable to access it, and I am unable to download from the link you mentioned.

Connectivity is

L3Switch Port Fa0/12(

L3Switchport Fa0/13 ( IPS Module ( IPS given de-fault gateway as & in access-list permitted client subnet also

L3SwitchPort Fa0/13 ( PC IP

I can access the ASA, and we configured VPN; everything is working fine except I cannot access the IPS through ASDM/telnet/ssh from the client PC.

Kindly guide me.


Let's try the following.

Open CLI to ASA.

Run 'session 1'

Login to IPS.

Obtain 'show config' output.

Check if you can ping and from here.


Hi,

There was a switchport problem.

It is working now, thanks a lot for your help.

Can you guide me to any document on how to use IPS effectively?

I'm glad it's working now.

The cycle usually followed in IPS deployments is:

Deploy --> Monitor alerts --> Tune signatures --> Update signature --> Monitor alerts --> Tune signatures and so on.

The following examples might be of interest. For now, you can safely ignore the ones that discuss IDS.


Hi Paps,

A "forbidden file or application" error is coming, and for one link it is asking for credentials. I am using my support forum credentials and it gives me the error "forbidden file or application".


You'll need CCO credentials using which you should be able to login to


Hi Paps,

I don't have a CCO account. Anyhow, thank you very much for the support you have given me.