We have an ASA-5510 with an AIP-SSM IPS module. From time to time I need to run a network scanner against assets in the DMZ from the inside network. Of course the IPS is going to block most of the scanner's activities. Is there an easy way to temporarily disable the IPS functionality while the scans are running? Either command line or through the ASDM?
This is exactly what you want to stay away from. The purpose of the device is to inspect traffic. So, if you're looking to do this on a continuous basis, look into the filter. If you are only going to be doing this one time, Scothrel is right though, putting it in bypass will basically inert the device.
You can accomplish this by going to "Interface Configuration," "Bypass," and while there select ON. When you are done with whatever you're doing, ensure you go back and put the device in Auto or OFF.
In addition to the filter idea(s) mentioned elsewhere, the surefire way to get IPS out of the way is to set its bypass mode to "on" (vice the auto it defaults to). This will cause the IPS software to turn around packets without inspection.