how to use Cisco ASA5510 as an IPS

Unanswered Question
Mar 23rd, 2010
User Badges:

We have a Cisco ASA5510 w

ith ASA-SSM-10 module but we´d like to know how to configure it as

an IPS. We have it in the same network but in a simulate enviroment 2 different network segments.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Wed, 03/24/2010 - 14:34
User Badges:
  • Cisco Employee,

You need the ASA to pass traffic through the IPS as explained in http://supportforums.cisco.com/docs/DOC-5668


Note that since this is a different module you will need something like


access-list ips-acl extended permi ip any any 

class-map ips-class
match access-list ips-acl

policy-map global_policy
class ips-class
  ips fail-open

service-policy global_policy global



Then you can start configuring the ips following its config guide to fire on signatures etc.


I hope it helps.


PK

Actions

This Discussion

Related Content