
where to connect AIP-SSM 10 MODULE INTERFACE

rafat0426
Level 1

Hi,

We have a Cisco ASA 5520 with an AIP-SSM 10 IPS module. I am new to IPS.

1. I don't know where to connect this module's port (connectivity). Should it connect to a router or an L3 interface?

2. What IP address should I use? Should it be an IP reachable from the network or client?

3. And how does IPS work?

Kindly, can anyone guide me?


padatta
Level 1

Hi,

The external port of the AIP-SSM-10 is meant only for management connections, like SSH/IDM, etc.

You can connect this port to any L2/L3 port (which would depend on your network setup) such that it is reachable from your management stations.

Though you can give it any IP address/subnet such that it is reachable from your management stations, it is advisable to keep it in the same subnet as that of the ASA's inside interface.

All network traffic that the IPS inspects is sent by the ASA via its backplane.

The following is an example to configure ASA to send traffic to IPS for inspection.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a00807335ca.shtml

The following describes the initial setup procedure on IPS module (AIP-SSM).

http://www.cisco.com/en/US/partner/docs/security/ips/6.0/configuration/guide/cli/cliInit.html#wp1043876

AIP-SSM is a signature-based IPS device. There are many predefined signatures which are matched against the traffic the IPS inspects. In case of a match, the IPS takes certain actions as defined in the particular signature.

You can add custom signatures as well.

Paps
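An added illustration, not part of the original reply or of the linked Cisco document: a minimal ASA service policy that sends traffic across the backplane to the AIP-SSM, as the reply above describes. The names `IPS-TRAFFIC` and `IPS-CLASS` are assumptions, and the match-all ACL is a starting point to be narrowed to the traffic you want inspected.

```cisco
! Constructed example for an ASA 5500 with an AIP-SSM in slot 1.
! IPS-TRAFFIC and IPS-CLASS are hypothetical names.

! 1. Select the traffic the ASA should hand to the module.
access-list IPS-TRAFFIC extended permit ip any any

! 2. Wrap the ACL in a class-map.
class-map IPS-CLASS
 match access-list IPS-TRAFFIC

! 3. Attach the IPS action to the class in the global policy.
!    inline      = module sits in the forwarding path and can drop packets
!    promiscuous = module receives a copy only (IDS behaviour)
!    fail-open   = keep forwarding uninspected if the module is down
!    fail-close  = drop matching traffic if the module is down
policy-map global_policy
 class IPS-CLASS
  ips inline fail-open

! 4. Apply the policy globally (already present on a default configuration).
service-policy global_policy global

! Verification from the ASA CLI:
!   show module 1 details     (module status should be Up)
!   show service-policy       (IPS packet counters should increase)
```

The address configured on the module's external port plays no part in this path; it only has to be reachable from the management stations.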

Hi,

Thanks for your reply,

but I am still unable to access it, and I am unable to download from the link you mentioned.

Connectivity is:

L3Switch Port Fa0/12(10.10.20.22/30)----ASAinsideinterface(10.10.20.21/30)

L3Switchport Fa0/13 (10.10.20.26/30)-----ASA IPS Module ( 10.10.20.25/30)--in the IPS, the default gateway is given as 10.10.20.26, and the client subnet is also permitted in the access-list

L3SwitchPort Fa0/13 (192.168.111.254/24)-----User PC IP 192.168.111.250

I can access the ASA, and we configured VPN; everything is working fine except I cannot access the IPS through ASDM/telnet/ssh from the client PC.

Kindly guide me.

Hi,

Let's try the following.

Open CLI to ASA.

run 'session 1'

Login to IPS.

Obtain 'show config' output.

Check if you can ping 192.168.111.250 and 10.10.20.26 from here.

Paps

Hi,

There was a switchport problem.

It is working now, thanks a lot for your help.

Can you guide me to any document on how to use IPS effectively?

I'm glad it's working now.

The cycle usually followed in IPS deployments is:

Deploy --> Monitor alerts --> Tune signatures --> Update signature --> Monitor alerts --> Tune signatures, and so on.

The following examples might be of interest. For now, you can safely ignore the ones that discuss IDS.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_configuration_example09186a0080b0b910.shtml

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/prod_configuration_examples_list.html

Paps

Hi Paps,

A "forbidden file or application" error is coming up, and one link is asking for credentials. I am using my support forum credentials, and it gives me the error "forbidden file or application".

Hi,

You'll need CCO credentials, with which you should be able to log in to www.cisco.com.

Paps

Hi Paps,

I don't have a CCO account. Anyhow, thank you very much for the support you have given me.
