04-25-2009 10:40 AM - edited 03-11-2019 08:23 AM
Hi,
I am trying to send specific traffic (selected with an ACL) to a separate virtual sensor on the AIP-SSM.
When I check the counters of the virtual sensor on the module, there is no traffic inspected.
My config looks like the following:
ACL:
access-list ips_dmz permit ip any host x.x.x.x
access-list ips_dmz permit ip host x.x.x.x any
------------------
Class-Map:
class-map ips_dmz
 match access-list ips_dmz
class-map ips_default
 match any
------------------
Policy-Map:
policy-map ips_policy
 class ips_dmz
  ips inline fail-close sensor vs1
 class ips_default
  ips inline fail-open sensor vs0
------------------
Service-Policy:
service-policy ips_policy interface outside
service-policy ips_policy interface inside
service-policy ips_policy interface dmz1
Any ideas??
There is no difference whether I use an ACL to match traffic or specify a TCP or UDP port in the class-map.
The traffic inspection on vs0 runs perfectly.
Regards,
Jens
04-30-2009 10:36 AM
If you look at Cisco's documentation, they actually specify separate service policies rather than grouping your class maps in a single policy, and then apply the individual service policies to the appropriate interfaces. http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_ssm.html#wp1046943 I know I used this similar configuration at my last job, and it worked like a champ.
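The layout the answer above describes, written out as an added example (this is not the poster's configuration and not text from the answer); the policy-map names and the choice of which interface carries which policy are assumptions, and the ACL and class maps are the ones from the original post:

```text
! Added example, not from the original post: one policy-map per virtual
! sensor, each bound with its own service-policy to the interface whose
! traffic that sensor should inspect. Policy-map names are assumed.
policy-map ips_dmz_policy
 class ips_dmz
  ips inline fail-close sensor vs1
!
policy-map ips_default_policy
 class ips_default
  ips inline fail-open sensor vs0
!
! An ASA interface accepts only one service-policy, so each interface gets
! the policy for the sensor that should see traffic entering there
! (the interface-to-sensor split below is an assumption).
service-policy ips_dmz_policy interface dmz1
service-policy ips_default_policy interface inside
service-policy ips_default_policy interface outside
!
! Check on the ASA which policy each interface carries and whether the
! IPS action is actually counting packets for the class:
!   show service-policy interface dmz1
```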
04-30-2009 06:17 AM
You can configure the inspection and protection policy, which determines how to inspect traffic and what to do when an intrusion is detected.
http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clissm.html
http://www.cisco.com/en/US/docs/security/ips/5.0/command/reference/cmdref.html