New to IDM

gandhi.ganesh

Hi,

I'm new to IDM.

We have an ASA 5520 with an IPS 10 module.

I wanted to know how the traffic will flow in and out.

My thoughts: from outside, Internet>IPS>FW>LAN

Is it right?

vmoopeung

The traffic flow will be like this: Internet>FW/ACL>IPS>LAN

Is this the recommended design?

If any application-level attack is coming, then it comes inside the FW and is blocked in the IPS. This unnecessarily creates load on the FW, right?

Please correct me if I'm wrong.

Hi,

Well, you can configure the IPS module from the ASA CLI only. It depends upon the mode you want: promiscuous or inline.

If you configure it in promiscuous mode, a copy of each packet is sent to the AIP-SSM-10 module; in this case it will act as an IDS.

If you configure it in inline mode, then the traffic comes to the inside/outside interface of the ASA and is then sent to the AIP-SSM-10 module, but don't forget to configure "bypass mode on".

Load will always be there on the firewall because the module is inbuilt, and it has to transfer the traffic to the module.

Hope your doubt is cleared.
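
An added example, not part of the original thread: a minimal ASA Modular Policy Framework configuration that redirects traffic to the AIP-SSM in either mode. The ACL and class names are assumed placeholders; the `fail-open`/`fail-close` keyword decides what the ASA does with matched traffic when the module is unavailable.

```text
! Constructed example: IPS_TRAFFIC and IPS_CLASS are placeholder names.
! Select which traffic is handed to the AIP-SSM.
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
policy-map global_policy
 class IPS_CLASS
  ! Inline (IPS): matched packets pass through the module before the ASA
  ! forwards them, so the module can drop them.
  !   fail-open  = keep forwarding matched traffic if the module is down
  !   fail-close = drop matched traffic if the module is down
  ips inline fail-open
  ! Promiscuous (IDS) alternative: the module receives a copy only.
  ! ips promiscuous fail-open
!
service-policy global_policy global
```

Because the redirect is a service-policy action, the ASA's own access lists are applied before a packet reaches the module, which is why the firewall always carries the traffic first.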

Thanks,

One more query

FW logs can be sent to syslog servers.

What about the logs or attacks in IPS?

Cisco IPS sensors do not support the syslog protocol. They support SNMP traps and the SDEE protocol.

You will need to use an SDEE (Security Device Event Exchange) client like CS-MARS or IME (Cisco IPS Manager Express, free software from Cisco that can monitor/manage up to 5 sensors) to get event data out of IPS devices.

Syed Iftekhar Ahmed
