IPS configuration promiscuous mode (fail-open) assistance/troubleshooting

Jan 20th, 2010

Hi all,

I have 2 ASA configured in active/standby failover mode. I want to configure IPS in promiscuous mode with fail-open configuration.

I have not connected the IPS to any PC through the management port.

I can access the IPS through the ASA (5520) using session 1 and am able to do basic configuration using setup.

After configuring, when I try to log in through ASA ASDM (IPS tab on the home page of ASA ASDM), it asks for an IP (management or other IP). I am trying to access the IPS with the IP (192.168.3.74) configured in the IPS using initial setup (192.168.3.74/27, 192.168.3.65) and also added an access-list allowing 192.168.3.0/24.

ASA inside IP subnet: 192.168.3.64/27

ASA DMZ IP subnet: 192.168.1.0/24

Let me know if I need to assign the IPS IP from the DMZ range or the inside range.

Do I need to set up the same IP for the IPS in both ASA modules?

Let me know if I can connect to the IPS from ASA ASDM using some IP (192.168.3.74) configured through setup on port 443.

What access-list should I add in the IPS or ASA, if required?

While setting up the IPS for the first time using the setup command, I am not able to see the unused/monitored interface (g0/1) so that I could add both interfaces, which should show as per the Cisco doc. What may be the reason?

IPS 6.0

ASA(5520) 7.24

ASDM 5.24

Regards

Amardeep

Farrukh Haroon Wed, 02/03/2010 - 03:46

You need to configure the interface properly and plug it in the network.

The second interface is displayed differently in the AIP-SSM, as this is a logical/internal connection to the ASA.

Regards

Farrukh
