I have recently upgraded my AIP-SSM-20 modules to 6.0(5)E2 at the recommendation of Cisco. I have 2 ASA5520s in single-context mode in an Active/Standby configuration. 1 module in each FW.
I have the IPS in promiscuous mode at the moment because, honestly, I have no clue how to configure or effectively implement this tool.
I've been fumbling around the GUI / CLI and I have added the "host" firewalls as blocking devices (10.1.1.3 and 10.1.1.5), and set them to communicate via SSH 3DES. I created a profile called ASA that includes the login information. Since I updated the IPS firmware, I see a log message in ASDM saying:
TCP access denied by ACL from 10.1.1.65/46906 to inside:10.1.1.3/23.
I get this message for 10.1.1.65 and 10.1.1.68, the two IPS modules. I have verified that the correct credentials are configured in the IPS, as well as the correct connection type. I have removed the "Blocking Devices" config and then reapplied it, still no change. Why is the IPS trying to telnet to the firewall when it's explicitly configured to SSH? Any ideas would be great. Thanks!