11-05-2007 05:55 AM - edited 03-11-2019 04:31 AM
Looking at the new ASA range of firewalls and would like one with IPS ability. It seems now you need the AIP SSM modules, which more than double the price of the firewall. Does anyone know if the ASA5510 has any IDS/IPS features, or which model is required?
The old PIX used to have basic IDS feature if I recall.
11-05-2007 07:55 PM
Hi .. yes indeed, the ASA also supports those basic IDS features .. but they are basic and static. If you want to be serious about packet inspection then you really need to opt for an IPS module or a sensor.
I hope it helps .. please rate it if it does !!
From Cisco Doc:
"Step 1 To define an IP audit policy for informational signatures, enter the following command:
hostname(config)# ip audit name name info [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the packet, and reset drops the packet and closes the connection. If you do not define an action, then the default action is to generate an alarm.
Step 2 To define an IP audit policy for attack signatures, enter the following command:
hostname(config)# ip audit name name attack [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the packet, and reset drops the packet and closes the connection. If you do not define an action, then the default action is to generate an alarm.
Step 3 To assign the policy to an interface, enter the following command:
ip audit interface interface_name policy_name
Step 4 To disable signatures, or for more information about signatures, see the ip audit signature command in the Cisco Security Appliance Command Reference."
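The four documentation steps quoted in the answer above, put together into one complete working ASA configuration. This is an added example, not code from the original posts or from the Cisco documentation; the policy names EDGE-INFO and EDGE-ATTACK and the interface name "outside" are assumptions to be replaced with your own.

```cisco
! Added example (not from the original posts): a complete ip audit
! policy on an ASA, combining the four documented steps above.
! Policy names EDGE-INFO / EDGE-ATTACK and the interface name
! "outside" are assumptions; adjust them to your own configuration.
!
! Step 1: informational signatures - generate a syslog message only
ip audit name EDGE-INFO info action alarm
!
! Step 2: attack signatures - log, drop the packet, and reset the
! connection (drop and reset do nothing if the policy is not bound
! to an interface in Step 3)
ip audit name EDGE-ATTACK attack action alarm drop reset
!
! Step 3: bind both policies to the untrusted interface. One
! informational and one attack policy may be applied per interface.
ip audit interface outside EDGE-INFO
ip audit interface outside EDGE-ATTACK
!
! Step 4 (optional): silence a single noisy informational signature,
! for example 2004 (ICMP echo request), instead of weakening the
! whole "info" policy
ip audit signature 2004 disable
!
! Verify: per-signature hit counters, then clear them after testing
show ip audit count
clear ip audit count
```

Start with `action alarm` on the attack policy as well, confirm from `show ip audit count` and the IDS syslog messages that the signatures firing are the ones you expect, and only then add `drop` and `reset`; a handful of the built-in signatures (ICMP and fragment checks in particular) match legitimate traffic. As the answer says, this is a fixed set of a few dozen signatures with no updates, so it is a coarse filter rather than a replacement for an IPS sensor.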
11-06-2007 02:07 AM
Hi - thanks for the response. Looking on the old PIX PDM I see it under System Properties > Intrusion Detection. I can't see anything similar on the ASA I have - where is this in SDM manager?
Thanks
11-06-2007 02:23 AM
Hi - found it under IP audit.
thanks
Rob