I have set up an AIP-SSM on our ASA5510 for the first time, following this excellent guide, http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml.
The difference between the environment used in the doco and ours are the specs of our ASA and module, which are the following, IOS version 8.0(4), ASDM version is 6.1(3), the SSM application version is 6.0(5)E2.
I have followed all the steps to enable connectivity to the module from ASDM, created the access list to allow all ip traffic to be passed to the module for inspection the class map and policy map indicating the mode promiscous, fail-open. The service policy is applied globally.
The problem i face is that when i try to verify as stated on the guide with the command show events alert on the module CLI i do not get any output, so i'm not sure if traffic is being passed to the module. Can someone plese help me clarifying this?
Execute "show conf" on your AIP SSM CLI. Verify that the GigabitEthernet0/1 backplane interface of the SSM has been assigned to virtual sensor vs0.
If it has not, then run "setup" and near the end of the setup wizard there will be an option to edit the interface and virtual sensor configuration. Use this option to modify the configuration for virtual sensor vs0 and in the interface.
You can also run "show stat virtual-sensor vs0" to see the counts of packets being analyzed by vs0.