04-02-2007 10:46 AM - edited 03-10-2019 03:32 AM
Hi all,
Last week I purchased a brand new ASA 5510 with AIP-SSM (ASA5510-AIP10-K9). It came in with ASA version 7.2(2) and IPS version 5.1(1)S205.0.
I cannot monitor the IPS from within ASDM because IPS 6.0.1 or higher is required. My questions:
1. Why was the new unit shipped with IPS 5.1? Shouldn't I have gotten IPS 6.0.1 in the first place?
2. Do I need a support contract to be able to upgrade to IPS 6.0.1? I want to update the signatures too. What contract would I need?
3. What is the best approach to remotely monitor the AIP-SSM with IPS 5.1 on it? Better upgrade to 6.0.1, right?
Hope someone can shed some light.
Kind regards,
Mark Loman
04-02-2007 05:25 PM
3. https://
04-02-2007 11:16 PM
Thanks for the quick response! I appreciate it. The https://
"The management port of the CSC SSM must be connected to your network to allow management of and automatic updates to the CSC SSM software. Additionally, the CSC SSM uses the management port for email notifications and syslogging."
Is this the same for AIP-SSM? (It's not mentioned in the manual.)
In my situation, the AIP-SSM has IP address 10.2.0.201/24 and 10.1.1.0/24 has access for it. But the ASA has defined 10.2.0.201 as outside while 10.2.0.0/24 is actually defined inside (on the ASA). The log states:
"Teardown TCP connection 1494 for outside:10.1.1.150/59990 to outside:10.2.0.201/443 duration 0:00:00 bytes 0 Flow is a loopback"
10.2.0.0/24 is defined on ASA Ethernet0/1 (nameif inside), but - as mentioned above - I do not want to physically connect AIP-SSM with that network (I would need to purchase a switch, just to manage AIP-SSM). I just want to manage the AIP-SSM over a Site-to-Site VPN (10.1.1.0/24). I cannot find any information on this.
Thanks!
Mark
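Added example, not part of the original posts: a small Python check that parses the teardown message quoted above and reports where the interface the ASA logged for an address disagrees with the interface that address's subnet is configured on. The `INTERFACE_SUBNETS` map and the function names are assumptions made for illustration; only the 10.2.0.0/24 = inside pairing and the log line come from the post.

```python
import ipaddress
import re

# From the post: 10.2.0.0/24 is configured on Ethernet0/1 (nameif inside).
# Add the ASA's other nameif/subnet pairs here; the dict layout is an assumption.
INTERFACE_SUBNETS = {"inside": ipaddress.ip_network("10.2.0.0/24")}

# The log line quoted in the post, used as sample input.
SAMPLE = ("Teardown TCP connection 1494 for outside:10.1.1.150/59990 to "
          "outside:10.2.0.201/443 duration 0:00:00 bytes 0 Flow is a loopback")

TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>\S+) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)

def expected_interface(ip):
    """Return the nameif whose configured subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in INTERFACE_SUBNETS.items():
        if addr in net:
            return name
    return None

def analyze(line):
    """Parse one teardown message; return findings, or None if it does not match."""
    m = TEARDOWN_RE.search(line.strip().strip('"'))
    if m is None:
        return None
    findings = []
    if m["src_if"] == m["dst_if"]:
        findings.append("same-interface flow on " + m["src_if"])
    for side in ("src", "dst"):
        ip, logged = m[side + "_ip"], m[side + "_if"]
        want = expected_interface(ip)
        if want is not None and want != logged:
            findings.append(f"{ip} logged on {logged} but its subnet is on {want}")
    if m["bytes"] == "0":
        findings.append("no payload bytes exchanged")
    return {"conn": int(m["conn"]), "reason": m["reason"], "findings": findings}

if __name__ == "__main__":
    for finding in analyze(SAMPLE)["findings"]:
        print(finding)
```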
04-08-2007 09:03 AM
Either way you want to manage it (ASDM integrated or IDM), you will need to connect the management port of the AIP-SSM to the network. When you upgrade the code to 6.0 and try to connect, the IDM will not be able to connect if the management port is not on the network. Any time I set it up, I will connect the AIP-SSM to a switchport and place that switchport in a management VLAN. That way you can filter all the traffic that you do not want to enter that VLAN.
06-06-2007 09:06 PM
Hi,
If you want to manage your AIP remotely using the IDM, you will need to have the management interface connected to the network so that it can be reached by IP. If you don't want to do it like that, then you can connect remotely to the ASA and then log in to the AIP, but using the CLI only.
06-07-2007 04:48 AM
Hmm... For one of my customers I had deployed the ASA with the CSC-SSM module. From outside I was able to log into the ASDM and manage the ASA, but since the CSC module has an internal private IP address, I don't get to manage the CSC SSM from the ASDM. I then connected the CSC SSM to the public IP and tried accessing it, and was still not able to do so.
Any ideas?
_hoogen