06-11-2009 04:40 PM - edited 03-10-2019 04:39 AM
Hi There,
I have set up an AIP-SSM on our ASA5510 for the first time, following this excellent guide, http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml.
The difference between the environment used in the doco and ours are the specs of our ASA and module, which are the following, IOS version 8.0(4), ASDM version is 6.1(3), the SSM application version is 6.0(5)E2.
I have followed all the steps to enable connectivity to the module from ASDM, created the access list to allow all ip traffic to be passed to the module for inspection the class map and policy map indicating the mode promiscous, fail-open. The service policy is applied globally.
The problem i face is that when i try to verify as stated on the guide with the command show events alert on the module CLI i do not get any output, so i'm not sure if traffic is being passed to the module. Can someone plese help me clarifying this?
Regards,
Esteban
Solved! Go to Solution.
06-11-2009 08:45 PM
Execute "show conf" on your AIP SSM CLI. Verify that the GigabitEthernet0/1 backplane interface of the SSM has been assigned to virtual sensor vs0.
If it has not, then run "setup" and near the end of the setup wizard there will be an option to edit the interface and virtual sensor configuration. Use this option to modify the configuration for virtual sensor vs0 and in the interface.
You can also run "show stat virtual-sensor vs0" to see the counts of packets being analyzed by vs0.
06-11-2009 08:45 PM
Execute "show conf" on your AIP SSM CLI. Verify that the GigabitEthernet0/1 backplane interface of the SSM has been assigned to virtual sensor vs0.
If it has not, then run "setup" and near the end of the setup wizard there will be an option to edit the interface and virtual sensor configuration. Use this option to modify the configuration for virtual sensor vs0 and in the interface.
You can also run "show stat virtual-sensor vs0" to see the counts of packets being analyzed by vs0.
06-11-2009 11:04 PM
In addition to what marco suggested also use the following command to see packet sent and received to the MODULE
show service-policy
06-14-2009 07:06 PM
Guys,
Thanks a million to both of you. Great help.
Now that i can see the traffic going to the module, i'm wondering the best to test the module. Is there any tool that will allow me to test this IPS module?
Regards,
Esteban
06-14-2009 08:58 PM
well you may either run a test using traffic gen. simulators like Nmap or nesus
Alternatively you may either enable icmp signature 2051/2 and ping through the module, you will see alert generating for this thus confirming IPS functionality
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: