ASA5520 IPS, not seeing any traffic


I have the IPS set to promiscuous mode.

I have a policy map set, but I don't see it doing anything: I get no reports or logs, and I see no traffic on it.

How do you know what it's doing, or get it to do something?

I don't even know what questions to ask as the documentation for this thing is horrible.

access-list IPS extended permit ip any any
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 xx.xx.xxx.1 1
route Inside 10.0.0.0 255.0.0.0 10.1.7.50 1
class-map IPS-CLASS
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 1024
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
 class IPS-CLASS
  ips promiscuous fail-open

abinjola Tue, 02/12/2008 - 13:05

sh run service-policy (will tell you if this policy is applied anywhere)

sh service-policy (will tell you if IPS is inspecting)

doering Tue, 02/12/2008 - 14:42

Have you configured the AIP-SSM yet? You currently show the ASA configuration. And it looks like you're going to send traffic to the AIP. Could you session into the AIP from the ASA and make sure that you have configured it as well?
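Putting the two replies together, here is the check sequence a practitioner would run. This is an added example, not part of the original thread: it assumes the AIP-SSM sits in slot 1 and that the posted config really lacks a service-policy line (the excerpt may simply have omitted it). A policy-map that is never applied with service-policy does nothing, which is the first thing to rule out.

```cisco
! --- On the ASA (added example; assumes the AIP-SSM is in slot 1) ---
! 1. Is global_policy applied anywhere? Without this, class IPS-CLASS
!    and "ips promiscuous fail-open" never take effect.
ciscoasa# show run service-policy
! Expect to see:  service-policy global_policy global
! If it is missing, apply it from config mode:
ciscoasa(config)# service-policy global_policy global

! 2. Is the IPS class actually seeing packets? The IPS section of this
!    output reports the card status, the promiscuous/fail-open mode and
!    the packet counters for the class; zero counters mean nothing is
!    being copied to the module.
ciscoasa# show service-policy

! 3. Is the module itself up and initialised?
ciscoasa# show module 1

! --- On the AIP-SSM (reached from the ASA console, then log in) ---
ciscoasa# session 1
! Per-sensor packet and alert counters; traffic that reaches the module
! shows up here even when no signature fires.
sensor# show statistics virtual-sensor
! Any alerts generated so far.
sensor# show events alert
```

Because the class is in promiscuous mode, the module only receives a copy of the traffic; the counters above are the place to confirm it is being fed, and the fail-open keyword means the ASA keeps forwarding even if the module is down.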
