We have a Cisco ASA 5520 with an AIP-SSM 10 IPS module, and I am new to IPS.
1. I don't know where to connect this module's port to another port (connectivity). Should it connect to a router or an L3 interface?
2. What IP address should I use? Should it be an IP reachable from the network or the client?
3. And how does IPS work?
Kindly, can anyone guide me?
The external port of AIP-SSM-10 is meant only for management connections, like ssh/IDM, etc.
You can connect this port to any L2/L3 port (which would depend on your network setup) such that it is reachable from your management stations.
Though you can give it any IP address/subnet such that it is reachable from your management stations, it is advisable to keep it in the same subnet as the ASA's inside interface.
All network traffic that the IPS inspects is sent by the ASA via its backplane.
The following is an example of configuring the ASA to send traffic to the IPS for inspection.
The following describes the initial setup procedure on the IPS module (AIP-SSM).
AIP-SSM is a signature-based IPS device. There are many predefined signatures which are matched against the traffic the IPS inspects. In case of a match, the IPS takes certain actions as defined in the particular signature.
You can add custom signatures as well.
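An added example, not part of the original reply: a minimal ASA Modular Policy Framework configuration that diverts traffic to the AIP-SSM over the backplane. The names IPS_TRAFFIC and IPS_CLASS are placeholders, and matching all IP traffic is an assumption; narrow the access list to the traffic you actually want inspected.

```cisco
! Added example (not from the thread). IPS_TRAFFIC and IPS_CLASS are
! placeholder names; "permit ip any any" is an assumption.

! 1. Confirm the module is up before diverting traffic to it.
show module 1 details

! 2. Select the traffic the ASA hands to the IPS over the backplane.
configure terminal
access-list IPS_TRAFFIC extended permit ip any any

class-map IPS_CLASS
 match access-list IPS_TRAFFIC

! 3. Attach the IPS action to the class.
policy-map global_policy
 class IPS_CLASS
  ! inline      : traffic passes through the IPS, which can drop it.
  ! promiscuous : the IPS receives a copy and can only alert.
  ! fail-open   : traffic keeps flowing, uninspected, if the module fails.
  ! fail-close  : matching traffic is blocked while the module is down.
  ips inline fail-open

! 4. global_policy is applied globally by default; re-issuing is harmless.
service-policy global_policy global
end

! 5. Verify that the policy is active and counters are incrementing.
show service-policy
```

The external management port plays no part in this path: inspected traffic never leaves the ASA chassis, so the choice between fail-open and fail-close decides what happens to production traffic when the module reloads or is being updated.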
Thanks for your reply,
but I am still unable to access it, and I am unable to download from the link you mentioned.
L3Switch Port Fa0/12(10.10.20.22/30)----ASAinsideinterface(10.10.20.21/30)
L3Switchport Fa0/13 (10.10.20.26/30)-----ASA IPS Module ( 10.10.20.25/30)--on the IPS, the default gateway is given as 10.10.20.26, and the client subnet is also permitted in the access-list
L3SwitchPort Fa0/13 (192.168.111.254/24)-----User PC IP 192.168.111.250
I can access the ASA, and we configured VPN; everything is working fine, except I cannot access the IPS through ASDM/telnet/ssh from the client PC.
Kindly guide me.
I'm glad it's working now.
The cycle usually followed in IPS deployments is:
Deploy --> Monitor alerts --> Tune signatures --> Update signature --> Monitor alerts --> Tune signatures and so on.
The following examples might be of interest. For now, you can safely ignore the ones that discuss IDS.