How to enable IPS/IDS in ASA?

Mar 8th, 2010

Hi,


I got an AIP SSM-20 for an ASA 5520. I am very new to this product. I have gone through a few documents and understood how to redirect traffic from the ASA to the AIP-SSM.


I don't have a clear idea on:

1) How to access the AIP-SSM through ASDM.

2) Is it possible to assign an IP to the AIP-SSM from my inside interface LAN?

3) Is it required to connect the management interface of the AIP-SSM to any switch (LAN)?

4) How to control (allow or block) traffic. Since I am not very familiar with IDS/IPS, I want to allow all the traffic but capture the logs of the attack.


Can you take me through (links to the documentation site) a step-by-step configuration which would place IDS/IPS in my network?


Thanks in advance.

ydcnetwork Thu, 03/11/2010 - 05:59

Hi Uthay,



Please find our response below.


1) How to access the AIP-SSM through ASDM.

  • You need to configure the IP for the AIP-SSM first.


2) Is it possible to assign an IP to the AIP-SSM from my inside interface LAN?

  • Yes. It is possible to assign the IP address for the AIP-SSM & it should be reachable from the network.

3) Is it required to connect the management interface of the AIP-SSM to any switch (LAN)?

  • Yes. If not, you cannot access the device using GUI & SSH from the external host.


4) How to control (allow or block) traffic. Since I am not very familiar with IDS/IPS, I want to allow all the traffic but capture the logs of the attack.


Can you take me through (links to the documentation site) a step-by-step configuration which would place IDS/IPS in my network?



  • By default, the AIP-SSM will not support syslog like the ASA. So download the Cisco IPS Manager Express; it will be used to collect all your IPS logs and you can verify the same. It has a report feature where you can get the below:

      * TOP ATTACKER REPORT

      * TOP VICTIM REPORT

      * TOP SIGNATURE REPORT & more.


Let us know the update once you have configured it. Good luck.

suhas_syndrome Fri, 11/15/2013 - 19:08

Hi ycs chennai,


I want to allow all the traffic but capture the logs of the attack, but can I configure this through the GUI?

I am not familiar with the IDS CLI... I want all traffic only in detect mode...



suhas B
