
AIP-SSM-10 inline installation

Hi, I am Kalyan. Can you please tell me how to configure the AIP-SSM-10 module in an ASA 5510 in inline mode?

1. What are the steps to be done in the ASA and IPS (SSM module) for inline configuration?

The ASA is in an active/standby failover configuration.

2. How will the signatures get updated? How do I check the events (logs)?

3. How do I create signatures in the IPS?

4. How do I get the default signatures from Cisco and update them into the IPS?

Please give me detailed information and provide me with links to detailed documents.


Jennifer Halim
Cisco Employee

1. Sample configuration on how to send traffic to the AIP module on ASA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

2. You can configure auto update for the signature updates, and you can check the events through the IDM Monitoring tab. Here is the full configuration guide for IPS:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idmguide7.html

3. IPS comes with default signatures (there are thousands of signatures that come with the IPS software). You can configure a custom signature if there is anything specific you would like to configure.

4. Default signatures already come with the IPS software. You can update the signatures as per 2) above.

Happy reading.

Hi,

I already checked the sample configuration to divert the configuration to the IPS in promiscuous mode.

1. What changes need to be made in the configuration to go from promiscuous to inline mode on the ASA?

2. Is there any configuration that needs to be done in IDM for inline configuration, and:

a. How do I check the logs in IDM and also at the command prompt?

b. How do I update the signatures from the Cisco site?

I know default signatures come with the IPS.

c. How do I check those default signatures, how do I edit them, and how do I create custom signatures?

d. Can we block any malicious traffic from IDM?

3. How do I do the configuration in failover mode on the ASA for inline configuration?

I think that in failover, the ASA configuration will replicate/copy from active to standby, but the IPS configuration will not copy from active to standby.

Is that correct or not? If yes, tell me how to do the configuration on the standby ASA device (IPS inline configuration).

Versions are: ASA 8.0 and IDM 7.0

Is the configuration below correct for inline? If not, please clarify.

======================================ASA configuration for inline IPS================
Chicago# configure terminal
Chicago(config)# class-map IPSclass
Chicago(config-cmap)# match any
Chicago(config)# policy-map IPSpolicy
Chicago(config-pmap)# class IPSclass
Chicago(config-pmap-c)# ips inline fail-open
Chicago(config)# service-policy IPSpolicy interface outside
Chicago(config)# service-policy IPSpolicy interface dmz1

========================on sensor==================
sensor# configure terminal
sensor(config)# service interface
sensor(config)# inline-interfaces PAIR1
sensor(config-int-inl)# interface1 GigabitEthernet0/0
sensor(config-int-inl)# interface2 GigabitEthernet0/1

Is it required on the sensor to configure a pair for inline configuration or not?

I want the complete configuration for inline mode of the AIP-SSM-10 in the ASA 5510.

Please clarify my above queries and reply to me at the earliest with sample configurations of both devices for inline mode.

The answers to all your questions are in the configuration guide URL that has been posted earlier. Please take the time to read.

Failover on ASA will not replicate any of the configuration within the IPS itself. All configuration on the IPS needs to be manually configured on both modules.

To configure the IPS module in inline-pair, there is no configuration that needs to be done on the IPS module itself. Only the policy-map on the ASA: set it to "ips inline fail-open" as configured. The configuration on the sensor is incorrect; you can set it back to default, as you don't need to configure any pairing on the module itself.

And this is a forum, not a TAC case, so please don't have high expectations of a fast response rate.
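
As the reply above says, the inline/promiscuous choice and the fail-open behaviour live entirely in the ASA policy-map, so they can be checked from the ASA configuration alone. The following is an added example, not part of the original thread or any Cisco tool: a small Python audit of `show running-config` text. The function names and the `LabPolicy` entry in the sample are hypothetical, and the sample configuration is constructed from the one posted in the thread.

```python
import re

# Constructed sample in running-config layout; LabPolicy is a hypothetical extra entry.
SAMPLE_CONFIG = """\
class-map IPSclass
 match any
policy-map IPSpolicy
 class IPSclass
  ips inline fail-open
policy-map LabPolicy
 class IPSclass
  ips promiscuous fail-close
service-policy IPSpolicy interface outside
service-policy IPSpolicy interface dmz1
"""

IPS_RE = re.compile(r"^ips\s+(inline|promiscuous)\s+(fail-open|fail-close)\b")

def audit_ips_redirection(config_text):
    """Return one finding per policy-map class that sends traffic to the IPS module."""
    findings, bindings, policy, cls = [], {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if not raw[0].isspace():  # a top-level command ends any policy-map block
            policy = cls = None
            if words[0] == "policy-map" and len(words) == 2:
                policy = words[1]
            elif words[0] == "service-policy" and len(words) >= 3:
                # last word is "global" or the interface name
                bindings.setdefault(words[1], []).append(words[-1])
        elif policy and words[0] == "class" and len(words) == 2:
            cls = words[1]
        elif policy and cls and (m := IPS_RE.match(line)):
            findings.append({"policy": policy, "class": cls,
                             "mode": m.group(1), "fail": m.group(2)})
    for f in findings:
        f["applied_to"] = bindings.get(f["policy"], [])
    return findings

def notes(finding):
    """Review remarks for one finding, for a change-control checklist."""
    out = []
    if finding["mode"] == "promiscuous":
        out.append("sensor receives a copy only and is not in the forwarding path")
    if finding["fail"] == "fail-open":
        out.append("traffic passes uninspected while the module is unavailable")
    if not finding["applied_to"]:
        out.append("policy-map is not bound by any service-policy")
    return out
```

Because failover does not replicate the IPS module's own configuration, this check covers only the ASA side; the sensor settings on each module still have to be compared separately.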

Thanks for your reply. Please tell me how to get TAC support.

Are any special privileges required to get it?

Please give me the details.

You would need to have a SMARTnet contract for your Cisco device, and check out the "Contact Cisco for Support" section from the following URL:

http://www.cisco.com/cisco/web/support/index.html
