ASA v802 with IPS v516E1

Unanswered Question
Sep 21st, 2007

Hi All,

Here is my dilemma,

I have 2x ASA 5520 v802 running multiple context and failover.

I also have the AIP-SSM-20 module installed in each running v516E1.

My problem is that I am unable to allocate an ips sensor to a context.

I receive no output from the show ips command.

I also receive no output from the allocate-ips ? command (under context config mode)

If I specify the sensor name as vs0 then it tells me that is invalid.

My requirement is to have the outside interface traffic across the various contexts to be sent to the IPS module. I only require one sensor.

I have read through the CG of ASA v8x and IPS v5x and various other docs but am unable to find what I am doing wrong.

Any suggestions or comments please???

Thanks

marcabal Mon, 09/24/2007 - 07:38

IPS 5.1 only supports a single virtual sensor vs0.

When any ASA version detects an IPS 5.1 then it will not allow you to allocate virtual sensors to contexts or specify the virtual sensor in the ips command, or execute the "show ips" command.

All ips commands in the policies will automatically send the traffic to the vs0 virtual sensor. So the above commands are not necessary. Just add the ips command to the policy and the traffic will automatically be sent to the SSM for monitoring by vs0.

You need to load IPS v6.0 to get multiple virtual sensors.

Once you've loaded IPS v6.0 onto the SSM then you can create additional virtual sensors.

Correspondingly the ASA v8.0 will detect that IPS v6.0 is on the SSM and will enable the allocation of virtual sensors to the context, the ability to have an ips command point to a specific virtual sensor, and allow the "show ips" command.
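
The configuration described in the reply above, sketched as an added example that is not part of the original post. The context name (ctx-a), ACL, class-map and policy-map names, the sensor name vs1, and the choice of promiscuous mode with fail-open are assumptions made for illustration.

```cisco
! --- Case 1: SSM running IPS 5.1 (single virtual sensor vs0) ---
! Inside each security context. No allocate-ips and no "sensor"
! keyword: traffic matched by the ips command goes to vs0.
changeto context ctx-a
configure terminal
! Match the traffic to be inspected (assumed: all IP traffic)
access-list IPS-TRAFFIC extended permit ip any any
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
policy-map OUTSIDE-IPS-POLICY
 class IPS-CLASS
  ! promiscuous = SSM receives a copy of the traffic
  ! fail-open   = traffic keeps flowing if the SSM is down
  ips promiscuous fail-open
! Apply only to the outside interface of this context
service-policy OUTSIDE-IPS-POLICY interface outside

! --- Case 2: SSM upgraded to IPS 6.0 (multiple virtual sensors) ---
! In the system execution space, allocate a sensor to the context.
changeto system
configure terminal
context ctx-a
 allocate-ips vs1 default
! Back in the context, the ips command may now name the sensor.
changeto context ctx-a
configure terminal
policy-map OUTSIDE-IPS-POLICY
 class IPS-CLASS
  ips promiscuous fail-open sensor vs1
! Verify which sensors the context can see (IPS 6.0 only)
show ips
```

Repeating the Case 1 block in every context sends each context's outside traffic to the same vs0 sensor.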

nceitil Mon, 09/24/2007 - 23:12

Hi,

You're right that 5.1x only supports a single virtual sensor and you can't rename it and such.

The thing is I only want a single sensor. I just want to monitor the traffic on the outside (Internet) interface of the various contexts.

Apparently the feedback I'm getting is v5.1x does not work properly with multiple contexts period. If I want to assign a single sensor across all my contexts then I still have to run version 6.x.

I will first try out your comments around the fact that as long as I have the policies configured and applied within the contexts then they will by default send traffic to the SSM.

Will feedback my findings.
