11-24-2008 10:42 AM - edited 03-11-2019 07:17 AM
Does the 5540 without the AIP-SSM module have a Fail-Close option?
11-24-2008 10:57 AM
Hi,
Yes. Please refer the below URL for configuration details:
"ips promiscuous fail-close"
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i3_72.html#wp1733789
Regards,
Arul
*Pls rate if it helps*
11-24-2008 11:32 AM
Arul, thanks, but, this still refers to the AIP SSM Module. I do not have one in my system. Does this still applies?
11-24-2008 11:59 AM
Hi,
One of these days, I need to get my glasses :-)
My understanding is, the above commands apply only if you have a SSM in the chassis. The reason being, you don't want the ASA to drop traffic if the SSM Fails.
But, if you are doing IPS on the ASA itself, meaning no SSM, I dont think you have an option of fail close.
Regards,
Arul
11-24-2008 12:39 PM
Arul,
Thanks I thought that was the case.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: