ASA5520 IPS, not seeing any traffic


I have the IPS set to promiscuous mode.

I have a policy map set, but I don't see it doing anything: I get no reports or logs, and I see no traffic on it.

How do you know what it's doing, or get it to do something?

I don't even know what questions to ask as the documentation for this thing is horrible.

access-list IPS extended permit ip any any
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 1
route Inside 1
class-map IPS-CLASS
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 message-length maximum 1024
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp

ips promiscuous fail-open

abinjola Tue, 02/12/2008 - 13:05

sh run service-policy (will tell you if this policy is applied anywhere)

sh service-policy (will tell you if IPS is inspecting)

doering Tue, 02/12/2008 - 14:42

Have you configured the AIP-SSM yet? You currently show the ASA configuration, and it looks like you're going to send traffic to the AIP. Could you session into the AIP from the ASA and make sure that you have configured it as well?
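Putting the two replies together, here is an added example (not the poster's config and not from either reply) of the ASA-side stanza that binds the IPS class into the global policy so traffic is actually copied to the module, followed by the checks abinjola lists. The ACL, class and policy names follow the poster's config; the module slot number and the exact layout of the sample show output are assumed from the ASA 5520 / AIP-SSM CLI and may differ slightly by software version.

```cisco
! Redirect ACL and class, as in the poster's config
access-list IPS extended permit ip any any
class-map IPS-CLASS
 match access-list IPS
!
! "ips" is a class-level action: it only takes effect when it sits under a
! class inside a policy-map. An "ips" line that is not under a class is not
! attached to anything, so nothing is copied to the module.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  ! (remaining inspect lines from the poster's config unchanged)
 class IPS-CLASS
  ips promiscuous fail-open
!
! The policy-map must itself be applied; global_policy is normally global
service-policy global_policy global
!
! Check 1 (abinjola): is the policy applied anywhere?
show run service-policy
!
! Check 2 (abinjola): is IPS inspecting? Look under "Class-map: IPS-CLASS"
! for an IPS line with counters, roughly:
!   IPS: card status Up, mode promiscuous fail-open
!     packet input 0, packet output 0, drop 0, reset-drop 0
! A card status other than Up, or "packet input" staying at 0 while traffic
! is flowing, means the module side (doering's point) still needs attention.
show service-policy
!
! Module health, then console into the AIP-SSM (slot 1 on an ASA 5520) to
! run its own initial setup and verify the sensor is configured.
show module 1
session 1
```

Once the sensor side is configured, the "packet input" counter on the ASA should increase with traffic even in promiscuous mode, since the ASA copies matching packets to the module regardless of what the sensor does with them.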

