cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
558
Views
4
Helpful
4
Replies

ASA 5540 Firewall

Sw33tpea1
Level 1
Level 1

Does the 5540 without the AIP-SSM module have a Fail-Close option?

4 Replies 4

ajagadee
Cisco Employee
Cisco Employee

Hi,

Yes. Please refer the below URL for configuration details:

"ips promiscuous fail-close"

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i3_72.html#wp1733789

Regards,

Arul

*Pls rate if it helps*

Arul, thanks, but, this still refers to the AIP SSM Module. I do not have one in my system. Does this still applies?

Hi,

One of these days, I need to get my glasses :-)

My understanding is, the above commands apply only if you have a SSM in the chassis. The reason being, you don't want the ASA to drop traffic if the SSM Fails.

But, if you are doing IPS on the ASA itself, meaning no SSM, I dont think you have an option of fail close.

Regards,

Arul

Arul,

Thanks I thought that was the case.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: