Hi all ,

I have 2 ASA configured in active/standby failover mode. I want to configure IPS in promiscus mode with fail-open configuration.

i have not connected IPS with any pc through magmt port.

I can access IPS through ASA(5520) using session 1 and able to do basic configuration using setup.

after configuring when i try to login through ASA ASDM(IPS tab on home page of ASA ASDM) it ask for ip(managment or other ip).. I am trying to access the IPS with ip(192.168.3.74) configured in IPS using initial setup (192.168.3.74/27, 192.168.3.65) and also added access-list allowing 192.168.3.0/24.

ASA inside ip subnet:192.168.3.64/27

ASA DMZ ip subnet: 192.168.1.0/24

let me know if i need to assign IPS ip from dmz range or inside range?

Do i need to setup same IP for IPS in both ASA module?

Let me know if i can connect to IPS from ASA ASDM using some ip(192.168.3.74) configured through setup on 443 port.?

What access-list i should add in IPS or ASA if required?

While setting up IPS 1st time using setup command i am not able to see the unused/monitored interface(g0/1) so that i could add both interface, which should show as per cisco doc. what may be the reason?

IPS 6.0

ASA(5520) 7.24

ASDM 5.24

Regards

Amardeep