About rhermes

rhermes · 12-03-2010

Do the ASA/AIP-SSM modules pass Multicast traffic when configured in the In-Line mode?- Bob

rhermes · 07-08-2010

Does Cisco have a committed feature to support IPv6 on the management interface of the IPS sensor OS?If so, what release should we expect to see that in, and when might that be released?Will IPv6 be supported on all the existing IPS sensors? If not, ...

rhermes · 12-02-2008

Can I pass traffic from multiple firewall contexts in an ASA to a single context AIP-SSM module in-line mode?Would that use multiple VLAN pairs to keep the traffic seperate?

rhermes · 08-19-2008

Has anyone else been running a 4270 sensor in production with traffic at 1Gb/s or more?I'm interested in discovering if the symptoms we're seeing are unique with the default signature policy and 6.0(5)E2:Event Store wrapping every 60-90 seconds, maki...

rhermes · 08-01-2008

Several of my security friends and I have not recieved the notification that S349 is available. Is the notifier broken? Has anyone else gotten and email on S349? It has been available on CCO most of today.

rhermes · 04-02-2014

You want to do a VACL capture on the 6500: http://www.cisco.com/c/en/us/support/docs/lan-switching/vlan-access-lists-vacls/89962-vacl-capture.html monitor session 50 source vlan 100 , 200 monitor session 50 destination interface Fa3/30

rhermes · 04-02-2014

It all depends on your Fail Open setting and your security posture.If your primary ASA is set to Fail Closed, then taking the AIP-SSM off line for an upgrade will cause traffic to fail over to the standby ASA. If you are set for Fail Open then traffi...

rhermes · 04-02-2014

The 5 GigE sensing interfaces do have have MAC addresses.In Promiscious Mode, they do not transmit anything (except possibly a TCP reset, but it will spoof the MAC address on the reset).In In-Line Mode the IPS sensor is transparant at Layer 2 and wil...

rhermes · 02-03-2014

No, you can't send events to the ASA.SNMP Traps was the workaround. There is no syslog for signature events on Cisco IPS Sensors.Now if you want to wait till you get a Sourcefire image running on a 5500-X platform, THEN you can get syslogs. (beta sta...

rhermes · 02-03-2014

None of the Cisco IPS sensors can generate syslog messages for signature events.You can configure an SDEE client to [ull events off the sensor, or you can set the action on ALL your signatures to generate an SNMP Trap for the signature event.- Bob

Member Since	‎08-19-2003 10:22 PM
Date Last Visited	‎07-18-2018 12:03 AM
Posts	732
Total Helpful Votes Received	399

User Statistics

User Activity

IPS Sensors passing Multicast traffic

IPv6 support on management interface

Multicontext ASA > single context AIP-SSM

4270 Experiences

secret release of S349

You want to do a VACL capture

It all depends on your Fail

The 5 GigE sensing interfaces

Is it possible for SSM-20 to stream to syslog?

Is it possible for SSM-20 to stream to syslog?