I have configured an ASA5510 to send all traffic to the IPS like below, as the Cisco doc described.
access-list IPS extended permit ip any any
match access-list IPS
ips inline fail-close
service-policy my-ips-policy global
And all incoming traffic from outside should go to the IPS. How can I make sure that traffic is going to the IPS?
If I give a command like this
sh service-policy global
it shows the below:
IPS: card status Up, mode inline fail-close
packet input 12119, packet output 12119, drop 0, reset-drop 0
Then I go to the IPS and enable signature definition number 2004 to deny ICMP echo requests. In actions I chose deny packet inline, but I can still ping from outside to inside.
Please advise sir what to do.