implement ips on cisco asa5510

Sep 10th, 2008

Hi all. How do I implement IPS on my ASA 5510? I can't seem to be able to find any website on this. Can I know if any of you find that the IPS is effective? I am using ASA ver 7.2 and ASDM 5.2. Pls advise. Thks in advance.

suschoud Wed, 09/10/2008 - 05:19

As for the SSM interfaces there are 2 interfaces.

One is the internal interface on the ASA backplane, used only for monitoring (both promiscuous and inline).

The second interface is the external interface of the SSM itself that is used for management of the SSM. This external interface is what will be assigned an IP as part of the setup command on the SSM. It should be physically connected to one of the networks. It can be plugged into the same switch/hub where the ASA's inside, dmz, or management interface is connected. It can then be treated as just another machine on that network.

I have listed the steps below for the initial installation along with the links:

Step 1. To initialize the SSM you need to:

1. Log in via the console/telnet/ssh to the ASA.

2. Enter the command "session 1" to log into the SSM (IPS module). Default username and password = cisco

3. On the SSM, use the "setup" command to configure the SSM for management access.

This will involve, among other things, configuring the IP address which should be a valid address for your network.

You'll also be prompted to limit the range of IP addresses that can access the SSM directly for management using an access-list permit.

These steps are documented at the following link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/hwguide/hwinit.htm#wp1032621

4. Connect the Ethernet port on the SSM module to your management network. This will allow you to log into the SSM directly using the IP address configured above. You can then use the ASDM web based GUI to configure and manage the SSM directly.

For more information on using ASDM see:

http://www.cisco.com/application/pdf/en/us/guest/products/ps6121/c1225/ccmigration_09186a008045786c.pdf

Step 2: Configure the ASA to pass traffic to the SSM:

This step is covered here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/ids.htm#wp1050693

Please rate if the above post is helpful.

Regards,

Sushil
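
A sketch of the ASA-side configuration that Step 2 above refers to, added here as an example and not taken from the original post or the linked Cisco guide. The names IPS_TRAFFIC and IPS_CLASS are placeholders chosen for illustration; global_policy is the ASA's default policy map.

```text
! Constructed example: IPS_TRAFFIC and IPS_CLASS are placeholder names.
! Select the traffic that should be sent to the SSM (here: all IP traffic).
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
! Mode keyword:
!   inline      - the SSM sits in the forwarding path for matching traffic
!   promiscuous - the SSM receives a copy and is not in the forwarding path
! Failure keyword:
!   fail-open   - matching traffic keeps flowing if the SSM is unavailable
!   fail-close  - matching traffic is blocked if the SSM is unavailable
policy-map global_policy
 class IPS_CLASS
  ips inline fail-open
!
! Apply the policy to all interfaces.
service-policy global_policy global
```

Choosing between fail-open and fail-close is an availability versus enforcement decision: fail-open lets uninspected traffic through while the module is down, and fail-close stops that traffic until the module recovers.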

donnie Wed, 09/10/2008 - 23:20

Hi Sushil,

Thank you for the detailed response. Is this SSM module an additional hardware module that I need to add to my Cisco 5510? Or is it included by default?

suschoud Thu, 09/11/2008 - 04:46

AIP-SSM (IPS) module is an additional module which you need to purchase. It is not included by default in the ASA 5510. You can issue the "sh module" command to see if there is one already installed on your ASA.

Regards,

Sushil
