IPS configuration promiscuous mode (fail-open) assistance/troubleshooting

Unanswered Question
Jan 20th, 2010
Hi all ,

I have 2 ASAs configured in active/standby failover mode. I want to configure the IPS in promiscuous mode with a fail-open configuration.

I have not connected the IPS to any PC through the management port.

I can access the IPS through the ASA (5520) using session 1 and am able to do basic configuration using setup.

After configuring, when I try to log in through ASA ASDM (IPS tab on the home page of ASA ASDM), it asks for an IP (management or other IP). I am trying to access the IPS with ip( configured in IPS using initial setup (, and also added access-list allowing

ASA inside ip subnet:

ASA DMZ ip subnet:

Let me know if I need to assign the IPS IP from the DMZ range or the inside range?

Do I need to set up the same IP for the IPS in both ASA modules?

Let me know if I can connect to the IPS from ASA ASDM using some ip( configured through setup on port 443?

What access-list should I add in the IPS or ASA, if required?

While setting up the IPS for the first time using the setup command, I am not able to see the unused/monitored interface (g0/1) so that I could add both interfaces, which should show as per the Cisco doc. What may be the reason?

IPS 6.0

ASA(5520) 7.24

ASDM 5.24



Farrukh Haroon Wed, 02/03/2010 - 03:46

You need to configure the interface properly and plug it in the network.

The second interface is displayed differently in the AIP-SSM, as this is a logical/internal connection to the ASA.



