JORGE RODRIGUEZ Tue, 09/25/2007 - 19:12
User Badges:
  • Green, 3000 points or more

So do I, but lets read the instrutions on configuring ssm.


Based on the instructions provided by link bellow the ssm needs a unique IP address for management , not the ip address of Management port of security applience but it could be an address under the same subnet the ASA management port is under, the ssm card can also have an IP address of a different inside subnet as long that IP address is permissioned in ASA to manage the device.

Refer to gathering information section

http://www.cisco.com/en/US/docs/security/asa/asa71/getting_started/asa5500/quick/guide/CSC_SSM.html#wp1032118


HTH

Jorge




netsec123 Sat, 10/20/2007 - 14:56
User Badges:

Hi again Jorge. This thing is really kicking my butt. I am now getting this message and cannot get to the CSC at all... I checked the command line interface and there is no reference to the Trend Micro Card to make any changes. Any ideas?



Attachment: 
mherald Sat, 10/20/2007 - 18:55
User Badges:

I really like this card, but it really lacks in performance. It sounds really good on paper, but it performs poorly in reality.


The IP that goes in there, is a "management IP address" that will be used to access the CSC module software. This IP address is in addition to all other IPs you have used and will correspond to the port on the CSC module itself. You do have to connect this to your switch infrastructure with a patch cable. Even when you click in the ASDM to control the CSC, a web browser will open up (ssl, I think on port 7443 or 8443.


Then say you use an internal IP, and you access the ASDM software remotely, that interface IP needs to be NATed to a public IP and rules for access allowed, or you have to open a VPN connection up.


Turn options on this card slowly! Just a little at a time and monitor performance, especially in a redundant configuration. If you enable them all at once, it will be tough to determine what exactly is causing a slowdown.


If you turn the card on, with the inspection on the outside interface, all IPs in the log will be the outside interface or NATed address. You can not map them back to a user easily (for web access logs).


I worked with TAC for a long time on this card. It is very important to have the card up to the latest firmware you can get, it will enhance the performance of the card.


I do like what I read about the module and hopefully the performance will pick up on the card in the near term future.


I hope this helps,


Mike

netsec123 Sun, 10/21/2007 - 06:37
User Badges:

I am hearing you AND THANK YOU SO MUCH for getting back to me. This card is kicking my ass. I have it an IP address on the local LAN - same subnet as the inside interface. NOW I can't even access it with the wizard. Are there no command line entries in the ASA referencing this card? Very confusing.

THANK YOU. PLEASE REPLY.

netsec123 Mon, 10/22/2007 - 16:01
User Badges:

Hi Mike.


You really helped me out big time! I rated the post. But it does not seem I can change too much with this connection. From the ASDM, if you check the screen shot I've attached above, I cannot access the Trend Micro Card FROM the ASDM... I'm kind of stuck 'cause then I cannot send traffic to the card through the ASA which is I 'think' how it's supposed to be.... ANY help u can give me would be awesome!!!

psureshrao Tue, 10/23/2007 - 19:34
User Badges:

hi

IF you want to configure the CSC module, just enter the command session 1 in global-config mode. From here you can configure the CSC module, just add the gateway and password. after that try from ASDM. still queries? reply back

netsec123 Wed, 10/24/2007 - 06:00
User Badges:

You are great dude! I am attaching this screen shot as I reconfigured the card 2x and although I continue to be able to access it on 844e, I CANNOT get to it through ASDM no matter what I do. :( I'm really getting burnt here. Any help you can give me would be great!



Attachment: 
psureshrao Wed, 10/24/2007 - 19:27
User Badges:

It would be helpful, if you provide me the following details.

What is the IP assigned to CSC module. is it in the same series of LAN and this port should be connected to LAN.

Try to ping the CSC IP from LAN, r u able to ping?

If the above settings are OK, and you are still not able access, then better reset the card settings from command line. and assign the new IP address, gateway. Start new session of asdm, try it out. Some times it happens if gateway of CSC is misconfigured.



mherald Thu, 10/25/2007 - 06:29
User Badges:

What version of code are you running on the CSC? I looked at your screen shot and it doesn't look like the CSC management interface that I am used to seeing. From that management interface, you should be able to configure the entire module. The ADSM screen opens up a web browser to the address as I have described.


Mike

netsec123 Thu, 10/25/2007 - 10:13
User Badges:

Greetings.


I can ping the address [172.16.1.94] from a host on the same subnet. As far as versioning, SSM 6.1 build 1519... I can access the card FROM the LAN but the asdm interface does not bring up the Trend Micor interface for the unit. I know I can probably configure the whole card from command line [is there a doc for this?] but would rather use the GUI or both... I am losing my mind on this as I reset this card to factory default 3x.

Please stick with me as I need the help!

psureshrao Thu, 10/25/2007 - 21:08
User Badges:

Sorry to ask again same question, but can you confirm that 172.16.1.94 is in the LAN (inside) series IP or any other IP. Because you mentioned i am able to ping but dont know is in LAN series or not.

i also faced problems to setup CSC module for 1 month (Because of no documentation), but after installation it is working like wonderful, without any problems (*No Spam).

mherald Sat, 10/27/2007 - 08:05
User Badges:

I would upgrade the card to 6.2 code (I think there is only one version out for it).


I forget all the benefits, but the card supposedly operates faster, or allows more connections or something.


The web browser is the correct tool to configure the card. The web browser should bring up a fnacy trend micro page, with lots of options on it.


Mike

netsec123 Sat, 10/27/2007 - 10:27
User Badges:

Guys, thanks for helping me. I CAN ping the .94 from the inside LAN. The inside LAN is the inside interface of the ASA as well. I send the picture of what the browser screen looks like when this fails.... see attached. I will try to upgrade the code. Can I do that from the command line?

THANKS!

psureshrao Mon, 10/29/2007 - 07:55
User Badges:

can you post the config ofcourse remove your public info.

netsec123 Tue, 10/30/2007 - 18:34
User Badges:

Hi.


The config of the ASA or of the Trend Card??


Sorry if that seems like a dumb question?


Thank you for your help!

Actions

This Discussion