AIP SSM 10 config

Unanswered Question
Jan 15th, 2009
User Badges:

I have an AIP SSM 10 module on an ASA 5510. My management address of the ASA is still default at and the management of the IPS is

Internal addresses are 172.16.x.x, external addresses are 10.1.x.x

I would like to setup the SSM to monitor traffic coming inside from the outside interface. Haven't really seen any good documentation on this. Anyone help would be greatly appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jens.becker Sat, 01/17/2009 - 06:26
User Badges:

Create a class-map to identify traffic:

access-list monitor-acl extended permit ip any log

class-map IPS_TRAFFIC

match access-list monitor-acl

Create Policy-Map to define what should happen with the traffic:

policy-map IPS_POLICY


ips inline fail-open

Bind Policy to Interface:

service-policy IPS_POLICY interface outside


This Discussion