cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
710
Views
5
Helpful
16
Replies

Trend Micro

netsec123
Level 1
Level 1

Hi. I am a newbie with this card... What IP address goes in the box when you start the wizard? ANOTHER IP different from the mamagement IP OR an IP address of a management workstation?

16 Replies 16

JORGE RODRIGUEZ
Level 10
Level 10

So do I, but lets read the instrutions on configuring ssm.

Based on the instructions provided by link bellow the ssm needs a unique IP address for management , not the ip address of Management port of security applience but it could be an address under the same subnet the ASA management port is under, the ssm card can also have an IP address of a different inside subnet as long that IP address is permissioned in ASA to manage the device.

Refer to gathering information section

http://www.cisco.com/en/US/docs/security/asa/asa71/getting_started/asa5500/quick/guide/CSC_SSM.html#wp1032118

HTH

Jorge

Jorge Rodriguez

Hi again Jorge. This thing is really kicking my butt. I am now getting this message and cannot get to the CSC at all... I checked the command line interface and there is no reference to the Trend Micro Card to make any changes. Any ideas?

mherald
Level 1
Level 1

I really like this card, but it really lacks in performance. It sounds really good on paper, but it performs poorly in reality.

The IP that goes in there, is a "management IP address" that will be used to access the CSC module software. This IP address is in addition to all other IPs you have used and will correspond to the port on the CSC module itself. You do have to connect this to your switch infrastructure with a patch cable. Even when you click in the ASDM to control the CSC, a web browser will open up (ssl, I think on port 7443 or 8443.

Then say you use an internal IP, and you access the ASDM software remotely, that interface IP needs to be NATed to a public IP and rules for access allowed, or you have to open a VPN connection up.

Turn options on this card slowly! Just a little at a time and monitor performance, especially in a redundant configuration. If you enable them all at once, it will be tough to determine what exactly is causing a slowdown.

If you turn the card on, with the inspection on the outside interface, all IPs in the log will be the outside interface or NATed address. You can not map them back to a user easily (for web access logs).

I worked with TAC for a long time on this card. It is very important to have the card up to the latest firmware you can get, it will enhance the performance of the card.

I do like what I read about the module and hopefully the performance will pick up on the card in the near term future.

I hope this helps,

Mike

I am hearing you AND THANK YOU SO MUCH for getting back to me. This card is kicking my ass. I have it an IP address on the local LAN - same subnet as the inside interface. NOW I can't even access it with the wizard. Are there no command line entries in the ASA referencing this card? Very confusing.

THANK YOU. PLEASE REPLY.

Providing the interface is live ... try

https://ip_address:7443 or it may be port 8443, I forget off the top of my head.

Mike

Hi Mike.

You really helped me out big time! I rated the post. But it does not seem I can change too much with this connection. From the ASDM, if you check the screen shot I've attached above, I cannot access the Trend Micro Card FROM the ASDM... I'm kind of stuck 'cause then I cannot send traffic to the card through the ASA which is I 'think' how it's supposed to be.... ANY help u can give me would be awesome!!!

hi

IF you want to configure the CSC module, just enter the command session 1 in global-config mode. From here you can configure the CSC module, just add the gateway and password. after that try from ASDM. still queries? reply back

You are great dude! I am attaching this screen shot as I reconfigured the card 2x and although I continue to be able to access it on 844e, I CANNOT get to it through ASDM no matter what I do. :( I'm really getting burnt here. Any help you can give me would be great!

It would be helpful, if you provide me the following details.

What is the IP assigned to CSC module. is it in the same series of LAN and this port should be connected to LAN.

Try to ping the CSC IP from LAN, r u able to ping?

If the above settings are OK, and you are still not able access, then better reset the card settings from command line. and assign the new IP address, gateway. Start new session of asdm, try it out. Some times it happens if gateway of CSC is misconfigured.

What version of code are you running on the CSC? I looked at your screen shot and it doesn't look like the CSC management interface that I am used to seeing. From that management interface, you should be able to configure the entire module. The ADSM screen opens up a web browser to the address as I have described.

Mike

Greetings.

I can ping the address [172.16.1.94] from a host on the same subnet. As far as versioning, SSM 6.1 build 1519... I can access the card FROM the LAN but the asdm interface does not bring up the Trend Micor interface for the unit. I know I can probably configure the whole card from command line [is there a doc for this?] but would rather use the GUI or both... I am losing my mind on this as I reset this card to factory default 3x.

Please stick with me as I need the help!

Sorry to ask again same question, but can you confirm that 172.16.1.94 is in the LAN (inside) series IP or any other IP. Because you mentioned i am able to ping but dont know is in LAN series or not.

i also faced problems to setup CSC module for 1 month (Because of no documentation), but after installation it is working like wonderful, without any problems (*No Spam).

I would upgrade the card to 6.2 code (I think there is only one version out for it).

I forget all the benefits, but the card supposedly operates faster, or allows more connections or something.

The web browser is the correct tool to configure the card. The web browser should bring up a fnacy trend micro page, with lots of options on it.

Mike

Guys, thanks for helping me. I CAN ping the .94 from the inside LAN. The inside LAN is the inside interface of the ASA as well. I send the picture of what the browser screen looks like when this fails.... see attached. I will try to upgrade the code. Can I do that from the command line?

THANKS!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: