ASA 5520 - IPS SSM to cisco.com updates

Unanswered Question
May 12th, 2010

Hello guys

I am a newbie to ASA firewalling.

I have an ASA with an IPS SSM-20

outside port 10.10.0.1

management port 192.168.1.1

sensor port 192.168.1.2

I have to set up the IPS SSM-20 to pick up auto updates from cisco.com

From the outside port I can ping any internet IP, and the management and sensor ports as well

From the sensor port I can't ping any outside port

Now, I'd like to set up the sensor port to communicate with cisco.com

What do I have to do?

Thanks for every suggestion

regards

Jennifer Halim Wed, 05/12/2010 - 05:07

From the sensor mgmt port, you won't be able to ping the ASA outside interface IP address, as it is not supported. From the sensor, you should be able to ping the ASA mgmt interface 192.168.1.1.

However, if your ASA mgmt interface is a management-only interface, then it would not route the traffic from the sensor towards the Internet, because if it is configured with "management-only", it can only be used for management to the ASA. You can remove the "management-only" from the ASA mgmt interface if you would like to route the sensor traffic towards the Internet for the auto update to cisco.com. Please also make sure that you have configured NAT for the mgmt interface so that traffic gets translated to reach the Internet.

Hope that helps.
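
The change described in the answer above, sketched as an ASA configuration fragment. This is an added example, not part of the original thread. It assumes the interfaces are named "management" and "outside", that the physical management port is Management0/0, and that the ASA runs a pre-8.3 release (the 8.3+ form is shown as comments). NAT is limited to the sensor address so that clearing "management-only" does not give the rest of the management subnet a translated path to the Internet.

```cisco
! Added example. Assumed names: nameif "management" and "outside".
! Addresses are the ones given in the question.
!
interface Management0/0
 nameif management
 ip address 192.168.1.1 255.255.255.0
 ! Allow through-traffic on this interface (it is no longer
 ! restricted to management of the ASA itself).
 no management-only
!
! Pre-8.3 NAT syntax: translate only the sensor host (192.168.1.2),
! not the whole 192.168.1.0/24 subnet, using PAT to the outside
! interface address.
nat (management) 1 192.168.1.2 255.255.255.255
global (outside) 1 interface
!
! ASA 8.3 and later equivalent (object name IPS-SENSOR is an
! assumed, illustrative name):
! object network IPS-SENSOR
!  host 192.168.1.2
!  nat (management,outside) dynamic interface
!
! Checks after applying:
!  show running-config interface Management0/0  (management-only gone)
!  show xlate                                    (entry for 192.168.1.2
!                                                 once the sensor sends
!                                                 traffic)
```

The sensor also needs 192.168.1.1 as its default gateway for this path to be used.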
