connecting to IPS with ASDM

Answered Question
Sep 15th, 2008
User Badges:

I am doing ASA5510 with IPS, initial setup. I can access ASA from ASDM. But when I click the IPS tab in ASDM, it will retrieve the management IP of the IPS, but finally says "unable to connect".

I tried even chaning management IP using CLI, still no luck.

Any ideas ?

Correct Answer by rhermes about 8 years 9 months ago

In addition to connecting the AIP-SSM to your LAN, as Sushil suggested, you will need to assign an IP address, netmask, gateway and place your management host's IP address into the AIP-SSM's allowed hosts list. You can do all this by connecting to the AIP-SSM via the ASA using the "session 1" command, loging in (cisco/cisco by default) and running "setup".

Correct Answer by suschoud about 8 years 9 months ago

Hi,



Is the management interface of SSM connected to your local lan.At the back of asa,where aip-ssm is plugged in,you would see a management interface.This management interface should have a cable running to your local lan switch or router.There has to be a connectivity from local lan to the management interface so that aip-ssm info. could be retrieved.



Please rate if helps. :)



Regards,

Sushil

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
suschoud Mon, 09/15/2008 - 05:57
User Badges:
  • Gold, 750 points or more

Hi,



Is the management interface of SSM connected to your local lan.At the back of asa,where aip-ssm is plugged in,you would see a management interface.This management interface should have a cable running to your local lan switch or router.There has to be a connectivity from local lan to the management interface so that aip-ssm info. could be retrieved.



Please rate if helps. :)



Regards,

Sushil

Correct Answer
rhermes Mon, 09/15/2008 - 08:15
User Badges:
  • Gold, 750 points or more

In addition to connecting the AIP-SSM to your LAN, as Sushil suggested, you will need to assign an IP address, netmask, gateway and place your management host's IP address into the AIP-SSM's allowed hosts list. You can do all this by connecting to the AIP-SSM via the ASA using the "session 1" command, loging in (cisco/cisco by default) and running "setup".

nkariyawasam Mon, 09/15/2008 - 21:28
User Badges:

Thanks for both answers! I was able to connect though management iontarface, connected to the LAN. I wonder is there any way that I can connect to AIP-SSM internally ( ie using the ASDM conneciton alone) , without actually using the management interface.

suschoud Tue, 09/16/2008 - 04:43
User Badges:
  • Gold, 750 points or more

That would not be possible.ASDM open on ur w/station connects to ips through the management interface of ssm.You can treat this as a separate connection initiated by asdm s/w to the ip address of ssm from the w/station.



Regards,

Sushil

new_networker Sat, 12/06/2008 - 10:11
User Badges:


Is it necessary to access the management interface from ASDM via the same network. Or can it be a different network as well.


In my case, the pings from other network are going through but the telnet to port 443 is not responding. It is however responding from the same network as management interface. Is there a restriction like this ?


Thanks.

rhermes Mon, 12/08/2008 - 09:08
User Badges:
  • Gold, 750 points or more

The ASA management interface can be on a different network from the AIP-SSM Management network address.

Check the allowed hosts on your IPS module, you might be denying access to the network/host that can't https to your sensor.

Actions

This Discussion