04-06-2011 05:06 AM - edited 03-10-2019 05:19 AM
Hi,
We have a Cisco ASA 5520 with an AIP-SSM 10 IPS module. I am new to IPS.
1. I don't know where to connect this module's port (connectivity). Should it connect to a router or an L3 interface?
2. What IP address should I use? Should it be an IP reachable from the network or the client?
3. And how does IPS work?
Kindly, can anyone guide me?
04-06-2011 05:56 AM
Hi,
The external port of AIP-SSM-10 is meant only for management connections, like ssh/IDM, etc.
You can connect this port to any L2/L3 port (which would depend on your network setup) such that it is reachable from your management stations.
Though you can give any IP address/subnet such that it is reachable from your management stations, it is advisable to keep it in the same subnet as that of the ASA's inside interface.
All network traffic that the IPS inspects is sent by the ASA via its backplane.
The following is an example to configure ASA to send traffic to IPS for inspection.
The following describes the initial setup procedure on IPS module (AIP-SSM).
AIP-SSM is a signature-based IPS device. There are many predefined signatures which are matched against the traffic the IPS inspects. In case of a match, the IPS takes certain actions as defined in the particular signature.
You can add custom signatures as well.
Paps
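Added example (not part of the original posts or of any Cisco document linked from them): a minimal ASA Modular Policy Framework configuration that diverts traffic to the AIP-SSM over the backplane, as the reply above describes. The names `IPS_TRAFFIC` and `IPS_CLASS` are assumptions; `global_policy` is the ASA's default global policy.

```cisco
! Constructed example. IPS_TRAFFIC and IPS_CLASS are hypothetical names.
!
! 1. Select the traffic the ASA should hand to the AIP-SSM.
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
! 2. Attach the class to the default global policy and choose the mode.
!    inline      : packets pass through the sensor, so it can drop them.
!    promiscuous : the sensor receives a copy and cannot drop the
!                  triggering packet in-line.
!    fail-open   : traffic keeps flowing if the module is unavailable.
!    fail-close  : matching traffic is blocked while the module is down.
policy-map global_policy
 class IPS_CLASS
  ips inline fail-open
!
! 3. Only needed if global_policy is not already applied globally.
service-policy global_policy global
!
! Verification from the ASA CLI:
!   show module 1 details   (module status and management IP)
!   show service-policy     (confirms the ips action is attached)
```

Starting with `ips promiscuous fail-open` in place of the inline line lets you watch alerts and tune signatures before the sensor is placed in the traffic path.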
04-09-2011 07:12 AM
Hi,
Thanks for your reply,
but I am still unable to access, and I am unable to download from the link you mentioned.
Connectivity is:
L3 switch port Fa0/12 (10.10.20.22/30) ---- ASA inside interface (10.10.20.21/30)
L3 switch port Fa0/13 (10.10.20.26/30) ----- ASA IPS module (10.10.20.25/30) -- in the IPS, the default gateway is given as 10.10.20.26, and the client subnet is also permitted in the access list
L3 switch port Fa0/13 (192.168.111.254/24) ----- User PC IP 192.168.111.250
I can access the ASA, and we configured VPN; everything is working fine except that I cannot access the IPS through ASDM/telnet/ssh from the client PC.
Kindly guide me.
04-11-2011 12:24 AM
Hi,
Let's try the following.
Open CLI to ASA.
run 'session 1'
Login to IPS.
Obtain 'show config' output.
Check if you can ping 192.168.111.250 and 10.10.20.26 from here.
Paps
04-11-2011 05:51 AM
Hi,
There was a switchport problem.
It is working now, thanks a lot for your help.
Can you guide me with any document on how to use IPS effectively?
04-11-2011 05:59 AM
I'm glad it's working now.
The cycle usually followed in IPS deployments is:
Deploy --> Monitor alerts --> Tune signatures --> Update signature --> Monitor alerts --> Tune signatures and so on.
The following examples might be of interest. For now, you can safely ignore the ones that discuss IDS.
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/prod_configuration_examples_list.html
Paps
04-11-2011 06:04 AM
Hi Paps,
A "forbidden file or application" error is coming, and for one link it is asking for credentials. I am using my support forum credentials and it gives me the error "forbidden file or application".
04-11-2011 06:11 AM
Hi,
You'll need CCO credentials, using which you should be able to log in to www.cisco.com.
Paps
04-11-2011 06:14 AM
Hi Paps,
I don't have a CCO account. Anyhow, thank you very much for the support you have given me.